Overview

overview

10

Static

static

8

97655499.xlsm

windows7-x64

10

97655499.xlsm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    97655499.xlsm_

  • Size

    52KB

  • Sample

    221121-gxy1gseh64

  • MD5

    e987b83e2571e6adda4a0ebc368b81f4

  • SHA1

    c6138935ea597e9db0734de2ea8764e3d880b0c9

  • SHA256

    7d46349108b039adbea9483ff010c7b8214878148dd93baacaf0d0b7fe8d1384

  • SHA512

    350d91cac5655bcb12f8599ef8600583916044b477da775e343c2980cd54c1cce3a1daa04f633224fd326a1ac1df7e0d75da5db4f59b089a6eb849d8f62c601e

  • SSDEEP

    768:eGDMYpVcMV8ZRvP9Z+wtUtQoF2xp7VUl+xAJIzhhUL65/JZhnzdVWGR9H:eGRpFVexHTGKC2xUcxdHd7h5ZR9H

Score
10/10
macro

Malware Config

Extracted

Language
vba
URLs
vba.dropper

https://jim-justice.com/xeaicu0up.jpg
vba.dropper

https://m2.gameonlinefx9.com/qmbdz7.gif
vba.dropper

https://satyamenterprisesbhopal.com/p2n2vuh.pdf
vba.dropper

https://karinwebsite.angela-mathis.com/ujfhjv.zip
vba.dropper

https://ReyWard.com/bogsa8ju.txt
vba.dropper

https://dutapp.wisolve.co.za/tw5ljof.zip
vba.dropper

https://photography.angela-mathis.com/kz9kewt3p.gif
vba.dropper

https://volgatermolazer.ru/i9hxccqt.jpg
vba.dropper

https://koekwausvenlo.nl/egljuc362.txt
vba.dropper

https://test.kondzharadze.ru/rkh67b.pdf
vba.dropper

https://spacekicker.com/i3eiy3fut.pdf
vba.dropper

https://corvus.by/jflj9xdsm.jpg
vba.dropper

https://seo-papa.ru/x6rkqk8t.zip
vba.dropper

https://karkasvladimir.ru/up9ap9j.zip
vba.dropper

https://m2.gameonlinefx4.com/b2adivc.gif
vba.dropper

https://proadcompany.com/b34ndop.rar
vba.dropper

https://arvacol.com/poi1ra9g.txt
vba.dropper

https://hero.wewe.ws/m176bfxx.rar
vba.dropper

https://thechristianshop.xyrintech.com/lktr8g16.txt
vba.dropper

https://pmj.stephanebillon.com/sgmezbq.jpg

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://m1.gameonlinefx20.com/oof55tdp.gif

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://psychologischgeweld.brussels/ssu88978q.pdf

Targets

    • Target

      97655499.xlsm_

    • Size

      52KB

    • MD5

      e987b83e2571e6adda4a0ebc368b81f4

    • SHA1

      c6138935ea597e9db0734de2ea8764e3d880b0c9

    • SHA256

      7d46349108b039adbea9483ff010c7b8214878148dd93baacaf0d0b7fe8d1384

    • SHA512

      350d91cac5655bcb12f8599ef8600583916044b477da775e343c2980cd54c1cce3a1daa04f633224fd326a1ac1df7e0d75da5db4f59b089a6eb849d8f62c601e

    • SSDEEP

      768:eGDMYpVcMV8ZRvP9Z+wtUtQoF2xp7VUl+xAJIzhhUL65/JZhnzdVWGR9H:eGRpFVexHTGKC2xUcxdHd7h5ZR9H

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks