Description
This typically indicates the parent process was compromised via an exploit or macro.
General
Target
Size
Sample
4e9e420ec600f81b78139ab1da528cb1ea1680188a9625812bee7f0ed311df4d.xls
95KB
220707-esslsschbj
Score
10/10
MD5
SHA1
SHA256
SHA512
699d5e55a29a09141b7ccb658fd2a295
39fc71193b190e3abdb2fdbfe4ba637ec48297f4
4e9e420ec600f81b78139ab1da528cb1ea1680188a9625812bee7f0ed311df4d
7d6aa7bac8468345019792f1296e45abffec614c38b3cca43e1ab9b4484c0ff189b9e3de9e9013e3d89df3f3fef17771fc86a421b8884409f271ae18c47110fb
Malware Config
Extracted
| Language | xlm4.0 |
| Source |
|
| URLs |
xlm40.dropper
https://edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/ xlm40.dropperhttp://earthmach.co.za/libraries/tWkZh9YrXbTd6IeX/ xlm40.dropperhttp://finvest.rs/wp-admin/Hr9nVNTIHgw59S/ xlm40.dropperhttp://efverstedt.se/5jjaV/w7fLEHJ20xn0qD/ |
Extracted
| Language | xlm4.0 |
| Source |
|
| URLs |
xlm40.dropper
https://edoraseguros.com.br/cgi-bin/jQNq9wlH1GXU/ |
Targets
Target
MD5
Filesize
4e9e420ec600f81b78139ab1da528cb1ea1680188a9625812bee7f0ed311df4d.xls
699d5e55a29a09141b7ccb658fd2a295
95KB
Score
10/10
SHA1
SHA256
SHA512
39fc71193b190e3abdb2fdbfe4ba637ec48297f4
4e9e420ec600f81b78139ab1da528cb1ea1680188a9625812bee7f0ed311df4d
7d6aa7bac8468345019792f1296e45abffec614c38b3cca43e1ab9b4484c0ff189b9e3de9e9013e3d89df3f3fef17771fc86a421b8884409f271ae18c47110fb
Signatures
-
Process spawned unexpected child process
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks
static1
Score
8/10
behavioral1
Score
10/10
behavioral2
Score
10/10