c439e7909baca9d49b1a21ff8d6dd6b86d441ddd7bfd9d97cc7dde2238b821e2 | Triage

Submit
Reports

Overview

overview

Static

static

8

2223475-67848.xlsm

windows7_x64

2223475-67848.xlsm

windows10-2004_x64

Sharing

General

Target

2223475-67848.xlsm
Size

83KB
Sample

220114-1xvslsbbgk
MD5

f0352504e6f4ba057a118715e6c5a174
SHA1

d25bb13b4932f6a1882a036d9bfe9ea12372ee9c
SHA256

c439e7909baca9d49b1a21ff8d6dd6b86d441ddd7bfd9d97cc7dde2238b821e2
SHA512

294fa4fa698a7a92a9742507807c934be0bdcda69c22d89105f708b0f29a5b311e83ce88b673e5d65904f5af8002ed32b2bde8ded4be19280968d82d05207d97

Score

10^/10

macro suricata xlm

Static task

static1

Behavioral task

behavioral1

Sample

2223475-67848.xlsm

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2223475-67848.xlsm

Resource

win10v2004-en-20220112

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://recont.com/n8xbqb/lwEORjcJYPKCNQ/

Targets

- Target
  
  2223475-67848.xlsm
- Size
  
  83KB
- MD5
  
  f0352504e6f4ba057a118715e6c5a174
- SHA1
  
  d25bb13b4932f6a1882a036d9bfe9ea12372ee9c
- SHA256
  
  c439e7909baca9d49b1a21ff8d6dd6b86d441ddd7bfd9d97cc7dde2238b821e2
- SHA512
  
  294fa4fa698a7a92a9742507807c934be0bdcda69c22d89105f708b0f29a5b311e83ce88b673e5d65904f5af8002ed32b2bde8ded4be19280968d82d05207d97
Score

10^/10

suricata
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- suricata: ET MALWARE W32/Emotet CnC Beacon 3
  suricata: ET MALWARE W32/Emotet CnC Beacon 3
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy