182a584e336ad66f0013091d4958702c4abc83f3d02156d535c24410c57ba484 | Triage

Submit
Reports

Overview

overview

Static

static

8

Cybermesa_...US.xls

windows10_x64

Sharing

General

Target

Cybermesa_Electronic_form_Dt_05.19.2022_US.xls
Size

80KB
Sample

220521-cphajsecc8
MD5

3860f9ae3ac20b34505cd0783dae29a0
SHA1

5173d04e3eec3e6300e099cb45e11d75e94cd566
SHA256

182a584e336ad66f0013091d4958702c4abc83f3d02156d535c24410c57ba484
SHA512

40dd7f750bf1cf3a18ab93797c36506a4ee057b8b95b617133e2f892e68fc4acdf0e81c4883e753d5c56323314d162c9bdfd48c1b224fdb0d279fd4a8d8e4061

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

Cybermesa_Electronic_form_Dt_05.19.2022_US.xls

Resource

win10-20220414-en

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://nandonikwebdesign.com/OWs/

xlm40.dropper

https://gelish.com/email-hog/YXaPiWbFMKT/

xlm40.dropper

http://nutensport-wezep.nl/wp-includes/QyezZmBmTL8AulMVv0oh/

xlm40.dropper

http://omeryener.com.tr/wp-admin/oakwcoWufii0JR89G/

Targets

- Target
  
  Cybermesa_Electronic_form_Dt_05.19.2022_US.xls
- Size
  
  80KB
- MD5
  
  3860f9ae3ac20b34505cd0783dae29a0
- SHA1
  
  5173d04e3eec3e6300e099cb45e11d75e94cd566
- SHA256
  
  182a584e336ad66f0013091d4958702c4abc83f3d02156d535c24410c57ba484
- SHA512
  
  40dd7f750bf1cf3a18ab93797c36506a4ee057b8b95b617133e2f892e68fc4acdf0e81c4883e753d5c56323314d162c9bdfd48c1b224fdb0d279fd4a8d8e4061
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deletes itself
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy