6037abc3e0340b6af982c1e79e19093c3c802a166c78dc02069c42124713706f | Triage

Submit
Reports

Overview

overview

Static

static

8

payment deposited.xls

windows7-x64

payment deposited.xls

windows10-2004-x64

6

Sharing

General

Target

payment deposited.xls
Size

32KB
Sample

220818-g52rcaadfq
MD5

5ed3f5b6e47b32637675e7b1534a190f
SHA1

da9511f0790da2b3e44595ab5498e186d8994bc7
SHA256

6037abc3e0340b6af982c1e79e19093c3c802a166c78dc02069c42124713706f
SHA512

4f3bdadd4fa392359fc05d5eae74e8daa7c37aa70b249b10564292d55e4c7d7c4e646d65d8ff27c07aaa1c872f4f689a3a6d9c829cc2a157732ae363e1fe7552
SSDEEP

768:E6gk3hOdsylKlgxopeiBNhZFGzE+cL2kdAJk5fYmHdCDK:wk3hOdsylKlgxopeiBNhZFGzE+cL2kd4

Score

10^/10

macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

payment deposited.xls

Resource

win7-20220812-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

payment deposited.xls

Resource

win10v2004-20220812-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  payment deposited.xls
- Size
  
  32KB
- MD5
  
  5ed3f5b6e47b32637675e7b1534a190f
- SHA1
  
  da9511f0790da2b3e44595ab5498e186d8994bc7
- SHA256
  
  6037abc3e0340b6af982c1e79e19093c3c802a166c78dc02069c42124713706f
- SHA512
  
  4f3bdadd4fa392359fc05d5eae74e8daa7c37aa70b249b10564292d55e4c7d7c4e646d65d8ff27c07aaa1c872f4f689a3a6d9c829cc2a157732ae363e1fe7552
- SSDEEP
  
  768:E6gk3hOdsylKlgxopeiBNhZFGzE+cL2kdAJk5fYmHdCDK:wk3hOdsylKlgxopeiBNhZFGzE+cL2kd4
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

© 2018-2024

Terms | Privacy