0d93a4f12d6e52dd86f8194dc522bdf7b6c4724898e929e12943c15cef4f3aa9

General

Target

0d93a4f12d6e52dd86f8194dc522bdf7b6c4724898e929e12943c15cef4f3aa9.xlsm
Size

102KB
Sample

220228-pgc23sffal
MD5

e01658f40196c8810a4b654d10212ade
SHA1

caed09b776174509351dfe57e87325cacee7c69d
SHA256

0d93a4f12d6e52dd86f8194dc522bdf7b6c4724898e929e12943c15cef4f3aa9
SHA512

5e502a8d00aa91155e4725323b9f7b073537565a1b185e8a8cce12259b6c7300aebabd8ef776280cecb85b451999742a5bde4ad1a460f12fec0d9c7e7158a666

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://singsamut.ac.th/00-----26phj/ws1iGhQ/ws1iGhQ/

xlm40.dropper

http://xxx247.nl/wp-admin/2fzDb1GGJC4EmhKc/

xlm40.dropper

http://oliverrubber.in/catalog/j/

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://singsamut.ac.th/00-----26phj/ws1iGhQ/ws1iGhQ/

Targets

- Target
  
  0d93a4f12d6e52dd86f8194dc522bdf7b6c4724898e929e12943c15cef4f3aa9.xlsm
- Size
  
  102KB
- MD5
  
  e01658f40196c8810a4b654d10212ade
- SHA1
  
  caed09b776174509351dfe57e87325cacee7c69d
- SHA256
  
  0d93a4f12d6e52dd86f8194dc522bdf7b6c4724898e929e12943c15cef4f3aa9
- SHA512
  
  5e502a8d00aa91155e4725323b9f7b073537565a1b185e8a8cce12259b6c7300aebabd8ef776280cecb85b451999742a5bde4ad1a460f12fec0d9c7e7158a666
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Process spawned unexpected child process

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2