Overview

overview

10

Static

static

8

742811182b...c0.xls

windows7-x64

10

742811182b...c0.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    742811182bafd0540730921c9fb8315d10bed941b79c7b43b08b0a12fd924ec0.xls

  • Size

    432KB

  • Sample

    221201-shmjpaec4x

  • MD5

    2f96000f8f64813fd2133acffcf6b676

  • SHA1

    5c6a58bdb2379854d93e160bd3ac536be6fbaef0

  • SHA256

    742811182bafd0540730921c9fb8315d10bed941b79c7b43b08b0a12fd924ec0

  • SHA512

    2b4ae0f09927ade66a56efd74210f91a450ed721e8a4c351e0b5cdf8345d755cb047d60877ee1773a4212f2579ae013445fbfb407ec52aa0c058a5eac397cd35

  • SSDEEP

    6144:KxEtjPOtioVjZUGGnwfDlavx+W2QdAwoLKRH2XS2t6V96NNahztExGfld9XGG1:hdzgqlT2

Score
10/10
macro

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://server-panelllx-9.gq/Myfile.exe

Targets

    • Target

      742811182bafd0540730921c9fb8315d10bed941b79c7b43b08b0a12fd924ec0.xls

    • Size

      432KB

    • MD5

      2f96000f8f64813fd2133acffcf6b676

    • SHA1

      5c6a58bdb2379854d93e160bd3ac536be6fbaef0

    • SHA256

      742811182bafd0540730921c9fb8315d10bed941b79c7b43b08b0a12fd924ec0

    • SHA512

      2b4ae0f09927ade66a56efd74210f91a450ed721e8a4c351e0b5cdf8345d755cb047d60877ee1773a4212f2579ae013445fbfb407ec52aa0c058a5eac397cd35

    • SSDEEP

      6144:KxEtjPOtioVjZUGGnwfDlavx+W2QdAwoLKRH2XS2t6V96NNahztExGfld9XGG1:hdzgqlT2

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks