General

  • Target: dba7a4b42e291b9f9fa4c9734d6671a1ebb6dda6e2bec200a0d72322ad1f37b6
  • Size: 64KB
  • Sample: 220330-amtjpadcb5
  • MD5: 13fa41e4241a3b0a918b746a7da63013
  • SHA1: 42dc29ef4e5c423582c1a1033e977b4526b88404
  • SHA256: 4b09e72d1ff127b2835ac05f80e6ea3b98e8bb703028fa6ae659d79897e55d80
  • SHA512: 45c7d9f02f0a55945d832f08af60027866803524db0a1d89a3b57318e4fee485e2e0a5e6f4ce55dd83e08970381fd3139c819fb3086c15f83242ce0a5d6a3925

Score
10/10

Malware Config

Extracted

Language: xlm4.0

Source URLs:

  • xlm40.dropper: http://fccatinsaat.com/wp-content/Cw3aR6792f/
  • xlm40.dropper: http://fabulouswebdesign.net/invoice/m/
  • xlm40.dropper: http://freemanylaluz.com/downloads/8dR9pgNBFtz/
  • xlm40.dropper: https://freewebsitedirectory.com/wp-includes/v2qFAlMZELRkxbz/

Targets

    • Target: dba7a4b42e291b9f9fa4c9734d6671a1ebb6dda6e2bec200a0d72322ad1f37b6
    • Size: 106KB
    • MD5: 15607491b1fae48c53117a513dd5b413
    • SHA1: 604b48c6e84d1aa1c10cfa97d80c07be3ce1b99b
    • SHA256: dba7a4b42e291b9f9fa4c9734d6671a1ebb6dda6e2bec200a0d72322ad1f37b6
    • SHA512: 045fd7a802605e5408b12b31b4a991088ce40f649cb2c717f7b55f10102de0917ffa3876383b73a7b1f14d2f98505c5e0fd981e14626b1939b0f9b9aee19b8f0

    Score: 10/10

    Signatures:

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112), count: 1

Discovery

  • Query Registry (T1012), count: 2
  • System Information Discovery (T1082), count: 2

Tasks