Overview

overview

10

Static

static

8

4e5ec05a13...3c.xls

windows7-x64

10

4e5ec05a13...3c.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4e5ec05a13ecae97af9e80c8b06d837748af62b7cac6ea7d488ec78238db9b3c

  • Size

    36KB

  • Sample

    221130-t65kvagc74

  • MD5

    9fb4a38b6357c6969362dd49c5f60562

  • SHA1

    592ea233fdc836000c8da57c91488eb2fd15a843

  • SHA256

    4e5ec05a13ecae97af9e80c8b06d837748af62b7cac6ea7d488ec78238db9b3c

  • SHA512

    59e5bb482406a19e9ec0ae75ec66432272c727724f7f7a5f74d3288881d2f9acb656338032f5e1727f4015fea529e1ebaf12b44a726acc24717a30f6d849b2ea

  • SSDEEP

    768:EPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJmsLBscppUV8ZUGZ7c1:gok3hbdlylKsgqopeJBWhZFGkE+cL2NV

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://markens.online/wp-data.php

Targets

    • Target

      4e5ec05a13ecae97af9e80c8b06d837748af62b7cac6ea7d488ec78238db9b3c

    • Size

      36KB

    • MD5

      9fb4a38b6357c6969362dd49c5f60562

    • SHA1

      592ea233fdc836000c8da57c91488eb2fd15a843

    • SHA256

      4e5ec05a13ecae97af9e80c8b06d837748af62b7cac6ea7d488ec78238db9b3c

    • SHA512

      59e5bb482406a19e9ec0ae75ec66432272c727724f7f7a5f74d3288881d2f9acb656338032f5e1727f4015fea529e1ebaf12b44a726acc24717a30f6d849b2ea

    • SSDEEP

      768:EPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJmsLBscppUV8ZUGZ7c1:gok3hbdlylKsgqopeJBWhZFGkE+cL2NV

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks