Overview

overview

10

Static

static

8

792863ab03...1e.xls

windows7-x64

10

792863ab03...1e.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    792863ab031fc241cd953a7e1a25c2b16a3cd51ad5a4cd9ec48454f2ffbc3e1e

  • Size

    36KB

  • Sample

    221130-tedcaadh93

  • MD5

    f36c8d22a6a282528f7ccbea7456b8b9

  • SHA1

    318320b4d0e6bac28d0ffb74e2b14028be3d5d00

  • SHA256

    792863ab031fc241cd953a7e1a25c2b16a3cd51ad5a4cd9ec48454f2ffbc3e1e

  • SHA512

    2d70a5d8686b568a875268bf36e6c8a34a01e22c4652a46e8edf8e9df75ffc2ba6f8a56a713ec4ccaa13792300c1958b5c284b405c7914530f38b1dbc19b476a

  • SSDEEP

    768:RPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJXp4e0ibffCh7kEl:Zok3hbdlylKsgqopeJBWhZFGkE+cL2Nx

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://syracuse.best/wp-data.php
xlm40.dropper

https://skill.fashion/wp-data.php

Targets

    • Target

      792863ab031fc241cd953a7e1a25c2b16a3cd51ad5a4cd9ec48454f2ffbc3e1e

    • Size

      36KB

    • MD5

      f36c8d22a6a282528f7ccbea7456b8b9

    • SHA1

      318320b4d0e6bac28d0ffb74e2b14028be3d5d00

    • SHA256

      792863ab031fc241cd953a7e1a25c2b16a3cd51ad5a4cd9ec48454f2ffbc3e1e

    • SHA512

      2d70a5d8686b568a875268bf36e6c8a34a01e22c4652a46e8edf8e9df75ffc2ba6f8a56a713ec4ccaa13792300c1958b5c284b405c7914530f38b1dbc19b476a

    • SSDEEP

      768:RPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJXp4e0ibffCh7kEl:Zok3hbdlylKsgqopeJBWhZFGkE+cL2Nx

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks