Overview

overview

10

Static

static

8

?i=1xzxpsygi.xlsm

windows7_x64

10

?i=1xzxpsygi.xlsm

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ?i=1xzxpsygi

  • Size

    114KB

  • Sample

    220503-n4mdlagcbl

  • MD5

    f8ecaf3d4168b075f418c121a763ae0f

  • SHA1

    cd99515256f845d4b6ca4f8a4f5ff6d0f1d0eff3

  • SHA256

    d145d8bd97ef82aed65a01e30b7523f9380bdef7e4af3cbb706c3fe571d2accb

  • SHA512

    bb37a13fdef41887f119faf79af415cb14a894f9b5ef757a7be9a665afcd0df5a491b6b4a4bf0ed46c5e6b6a0dcd247ad52e1f94b4567d1287d319ed7459ce60

Score
10/10
macroxlm

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://92.255.57.195/sec/sec.html

Targets

    • Target

      ?i=1xzxpsygi

    • Size

      114KB

    • MD5

      f8ecaf3d4168b075f418c121a763ae0f

    • SHA1

      cd99515256f845d4b6ca4f8a4f5ff6d0f1d0eff3

    • SHA256

      d145d8bd97ef82aed65a01e30b7523f9380bdef7e4af3cbb706c3fe571d2accb

    • SHA512

      bb37a13fdef41887f119faf79af415cb14a894f9b5ef757a7be9a665afcd0df5a491b6b4a4bf0ed46c5e6b6a0dcd247ad52e1f94b4567d1287d319ed7459ce60

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks