Overview

overview

10

Static

static

8

96b36e6ca4...49.xls

windows7-x64

10

96b36e6ca4...49.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    96b36e6ca48ae8e8918bb1e84e0a1e96d6c989fa03e9b1977a460bdf4d25c449

  • Size

    36KB

  • Sample

    230129-x2vrmaaf89

  • MD5

    7593338f7a3770615e76b6cba4baa690

  • SHA1

    15161d7ea96aff6fb907304dcaa537557035080c

  • SHA256

    96b36e6ca48ae8e8918bb1e84e0a1e96d6c989fa03e9b1977a460bdf4d25c449

  • SHA512

    3f1961eb70fda9c8378fd0fc8fa078c5bc99ba89e6df804c4de1baa8f6441bcfbc9f8f1bd5379b0985735b95bc59b9e8c70c4667fa92125f0bdfcc1af6de85f0

  • SSDEEP

    768:EPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJGL1EoD6tKLZqJ8x:gok3hbdlylKsgqopeJBWhZFGkE+cL2NJ

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://statedauto.com/wp-data.php

Targets

    • Target

      96b36e6ca48ae8e8918bb1e84e0a1e96d6c989fa03e9b1977a460bdf4d25c449

    • Size

      36KB

    • MD5

      7593338f7a3770615e76b6cba4baa690

    • SHA1

      15161d7ea96aff6fb907304dcaa537557035080c

    • SHA256

      96b36e6ca48ae8e8918bb1e84e0a1e96d6c989fa03e9b1977a460bdf4d25c449

    • SHA512

      3f1961eb70fda9c8378fd0fc8fa078c5bc99ba89e6df804c4de1baa8f6441bcfbc9f8f1bd5379b0985735b95bc59b9e8c70c4667fa92125f0bdfcc1af6de85f0

    • SSDEEP

      768:EPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJGL1EoD6tKLZqJ8x:gok3hbdlylKsgqopeJBWhZFGkE+cL2NJ

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks