Overview

overview

10

Static

static

8

22af67a455...ed.xls

windows7-x64

10

22af67a455...ed.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    22af67a455f93e3cbf68984ffa4cd2f31573dfc106c9d5a71b73cf1924421ced

  • Size

    36KB

  • Sample

    230129-x2891scb5z

  • MD5

    9a9c80f29b1ad4bfdb790709a8390f99

  • SHA1

    edea6709ff33ea73e89d7f192deac8eb97d958f1

  • SHA256

    22af67a455f93e3cbf68984ffa4cd2f31573dfc106c9d5a71b73cf1924421ced

  • SHA512

    474df98085fb0c1fd9448151c82019675a8e284490214303af4b1e58e51cffff6b8a12247f51f626ea68a40469c04fc7ea185d8bc408214243aaa4dc7498b56e

  • SSDEEP

    768:IPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJHfX4R6/bAoZy/YS9oR:kok3hbdlylKsgqopeJBWhZFGkE+cL2Ni

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://markens.online/wp-data.php
xlm40.dropper

https://statedauto.com/wp-data.php

Targets

    • Target

      22af67a455f93e3cbf68984ffa4cd2f31573dfc106c9d5a71b73cf1924421ced

    • Size

      36KB

    • MD5

      9a9c80f29b1ad4bfdb790709a8390f99

    • SHA1

      edea6709ff33ea73e89d7f192deac8eb97d958f1

    • SHA256

      22af67a455f93e3cbf68984ffa4cd2f31573dfc106c9d5a71b73cf1924421ced

    • SHA512

      474df98085fb0c1fd9448151c82019675a8e284490214303af4b1e58e51cffff6b8a12247f51f626ea68a40469c04fc7ea185d8bc408214243aaa4dc7498b56e

    • SSDEEP

      768:IPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJHfX4R6/bAoZy/YS9oR:kok3hbdlylKsgqopeJBWhZFGkE+cL2Ni

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks