General

  • Target

    XLS W2_sheets.excel

  • Size

    80KB

  • Sample

    220623-rtrr4sddhq

  • MD5

    aa5dffcb00b9e03b5cb1a6c46d84d45c

  • SHA1

    28cebf092350a8278303a579cb8b1f5d1c303527

  • SHA256

    d199cb7b5afd352a297c1f4a56b930c56836ac1c850561a48fafdf224effad53

  • SHA512

    f81a05fbb9d827bd90b708dadd10f384d7f243821e4b5db8da61a431dd259aa7e9d8380cf3ca1150bcb735cc56760fb530013783f0aabfd4497baf19872749ec

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://45.140.16.7/DFpM13

Targets

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2