Overview

overview

10

Static

static

8

635d9d2c05...2e.xls

windows7-x64

10

635d9d2c05...2e.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    635d9d2c05aa20361dadc5e2d073490f452f0aa55b687098d97e3f69547c782e

  • Size

    36KB

  • Sample

    230129-x21ymsaf93

  • MD5

    823238cf7f45d08cd12ab987fd382628

  • SHA1

    86207a86cdfa51080fe835200e3c746bad3d583a

  • SHA256

    635d9d2c05aa20361dadc5e2d073490f452f0aa55b687098d97e3f69547c782e

  • SHA512

    d9fd81603a5f57fec9fb0f5794c053272ffa13fca207a89c0fbe51a76dac319d7b675c055740598942638b64f20ba932bca5c9bdfa0dbfd0f4447b697dc89fa4

  • SSDEEP

    768:nPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJchyvA4hamJvMC2qGVggG/:Pok3hbdlylKsgqopeJBWhZFGkE+cL2NG

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://skill.fashion/wp-data.php
xlm40.dropper

https://syracuse.best/wp-data.php

Targets

    • Target

      635d9d2c05aa20361dadc5e2d073490f452f0aa55b687098d97e3f69547c782e

    • Size

      36KB

    • MD5

      823238cf7f45d08cd12ab987fd382628

    • SHA1

      86207a86cdfa51080fe835200e3c746bad3d583a

    • SHA256

      635d9d2c05aa20361dadc5e2d073490f452f0aa55b687098d97e3f69547c782e

    • SHA512

      d9fd81603a5f57fec9fb0f5794c053272ffa13fca207a89c0fbe51a76dac319d7b675c055740598942638b64f20ba932bca5c9bdfa0dbfd0f4447b697dc89fa4

    • SSDEEP

      768:nPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJchyvA4hamJvMC2qGVggG/:Pok3hbdlylKsgqopeJBWhZFGkE+cL2NG

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks