Overview

overview

10

Static

static

8

96552f1a1d...79.xls

windows7-x64

10

96552f1a1d...79.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    96552f1a1d6b48dfbbab2cec3d8cf724e1e31b1a2219643d351692f9ca557d79

  • Size

    36KB

  • Sample

    230129-x2wnxscb3w

  • MD5

    7f769c51a14e16bec3873cd1c37aba74

  • SHA1

    577b7a6ee62833f540d66320150d74973bb17919

  • SHA256

    96552f1a1d6b48dfbbab2cec3d8cf724e1e31b1a2219643d351692f9ca557d79

  • SHA512

    e7e9ad7d8be1a0beb11f2763fc67b0c591cb8c6a93325ca546c85bdc3a10756108de96fa68fda56c6bd4d1bb9774f9f16aed0076782541a65dc0f254e25ff391

  • SSDEEP

    768:xPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJztBLXajeg0xMAbl:5ok3hbdlylKsgqopeJBWhZFGkE+cL2Nk

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://syracuse.best/wp-data.php

Targets

    • Target

      96552f1a1d6b48dfbbab2cec3d8cf724e1e31b1a2219643d351692f9ca557d79

    • Size

      36KB

    • MD5

      7f769c51a14e16bec3873cd1c37aba74

    • SHA1

      577b7a6ee62833f540d66320150d74973bb17919

    • SHA256

      96552f1a1d6b48dfbbab2cec3d8cf724e1e31b1a2219643d351692f9ca557d79

    • SHA512

      e7e9ad7d8be1a0beb11f2763fc67b0c591cb8c6a93325ca546c85bdc3a10756108de96fa68fda56c6bd4d1bb9774f9f16aed0076782541a65dc0f254e25ff391

    • SSDEEP

      768:xPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJztBLXajeg0xMAbl:5ok3hbdlylKsgqopeJBWhZFGkE+cL2Nk

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks