Overview

overview

10

Static

static

8

29b92c44c5...e.xlsb

windows7_x64

10

29b92c44c5...e.xlsb

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    29b92c44c5a8d6f93bdd18fee934f94a9b30c04670c2a7648da7bb7a2b875b1e

  • Size

    357KB

  • Sample

    220329-tw9rtagbg8

  • MD5

    529c87179e723fd839f4a355c7857d55

  • SHA1

    443cf660b2561ff6d52ff76d2ec126b882b659e9

  • SHA256

    29b92c44c5a8d6f93bdd18fee934f94a9b30c04670c2a7648da7bb7a2b875b1e

  • SHA512

    995aa497406860bbad2c2e119c62919c6f7e5f80a355ab7545699654c049183871d32cee1e3c1ab16e52fb71ba29af4639f9abdb6b511d7136aadd310572c6b7

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://i.sfu.edu.ph/ds/161120.gif

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://i.sfu.edu.ph/ds/161120.gif

Targets

    • Target

      29b92c44c5a8d6f93bdd18fee934f94a9b30c04670c2a7648da7bb7a2b875b1e

    • Size

      357KB

    • MD5

      529c87179e723fd839f4a355c7857d55

    • SHA1

      443cf660b2561ff6d52ff76d2ec126b882b659e9

    • SHA256

      29b92c44c5a8d6f93bdd18fee934f94a9b30c04670c2a7648da7bb7a2b875b1e

    • SHA512

      995aa497406860bbad2c2e119c62919c6f7e5f80a355ab7545699654c049183871d32cee1e3c1ab16e52fb71ba29af4639f9abdb6b511d7136aadd310572c6b7

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks