Overview

overview

10

Static

static

8

46c072dfde...d2.xls

windows7-x64

10

46c072dfde...d2.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    46c072dfde46c0c18092c36f55c05e3a6059eb7e0ed8ee20f814589a7c34aad2

  • Size

    36KB

  • Sample

    230129-x25a3acb5s

  • MD5

    b69c73c1931dc1e26cb0dd2ff17cf220

  • SHA1

    3a28260960a7b9cebf5a9837124dda46f231ec46

  • SHA256

    46c072dfde46c0c18092c36f55c05e3a6059eb7e0ed8ee20f814589a7c34aad2

  • SHA512

    687f03db06b7681219ce207deb2262656a7351d863f3347f372202186e0d2d26bda57b071bd4522335cedc44eff67b933fb99786891c1e860cd243b67c20ea21

  • SSDEEP

    768:9PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ+b50RwHQgcwrpYjJVG:1ok3hbdlylKsgqopeJBWhZFGkE+cL2NJ

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://syracuse.best/wp-data.php

Targets

    • Target

      46c072dfde46c0c18092c36f55c05e3a6059eb7e0ed8ee20f814589a7c34aad2

    • Size

      36KB

    • MD5

      b69c73c1931dc1e26cb0dd2ff17cf220

    • SHA1

      3a28260960a7b9cebf5a9837124dda46f231ec46

    • SHA256

      46c072dfde46c0c18092c36f55c05e3a6059eb7e0ed8ee20f814589a7c34aad2

    • SHA512

      687f03db06b7681219ce207deb2262656a7351d863f3347f372202186e0d2d26bda57b071bd4522335cedc44eff67b933fb99786891c1e860cd243b67c20ea21

    • SSDEEP

      768:9PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ+b50RwHQgcwrpYjJVG:1ok3hbdlylKsgqopeJBWhZFGkE+cL2NJ

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks