Overview

overview

10

Static

static

8

31b23dde77...af.xls

windows7-x64

10

31b23dde77...af.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    31b23dde77ac6445e7d3f70671c8236527f321449b3c8203755e6c1c2606f4af

  • Size

    36KB

  • Sample

    230129-x28y9aaf96

  • MD5

    ee94e295617632aaa2bf45222eaa5713

  • SHA1

    6c216da85675df42db21718c37444e42b4507147

  • SHA256

    31b23dde77ac6445e7d3f70671c8236527f321449b3c8203755e6c1c2606f4af

  • SHA512

    3bd0eb7ff8bdcd73308acb18840f53fd6ae823b17bfbd2f9f7c2c352019888b5252d4fcd3d6a8d370dd32ddb6fddc8426c7dd2a2a08a16e88ad1615176622efd

  • SSDEEP

    768:KPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJmchxCJq4ZDe2XBc2LorrL:eok3hbdlylKsgqopeJBWhZFGkE+cL2NY

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://markens.online/wp-data.php

Targets

    • Target

      31b23dde77ac6445e7d3f70671c8236527f321449b3c8203755e6c1c2606f4af

    • Size

      36KB

    • MD5

      ee94e295617632aaa2bf45222eaa5713

    • SHA1

      6c216da85675df42db21718c37444e42b4507147

    • SHA256

      31b23dde77ac6445e7d3f70671c8236527f321449b3c8203755e6c1c2606f4af

    • SHA512

      3bd0eb7ff8bdcd73308acb18840f53fd6ae823b17bfbd2f9f7c2c352019888b5252d4fcd3d6a8d370dd32ddb6fddc8426c7dd2a2a08a16e88ad1615176622efd

    • SSDEEP

      768:KPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJmchxCJq4ZDe2XBc2LorrL:eok3hbdlylKsgqopeJBWhZFGkE+cL2NY

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks