Overview

overview

10

Static

static

8

9306c66027...36.xls

windows7-x64

10

9306c66027...36.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9306c660275a9b5fa6d111994ee81872475c0ccbc670c15cabc6184ca43f5936

  • Size

    36KB

  • Sample

    230129-x2x7raaf92

  • MD5

    dfda816278baf9c22519c27fa4125615

  • SHA1

    be939a376053a22399eee038e3a8eb070a879dac

  • SHA256

    9306c660275a9b5fa6d111994ee81872475c0ccbc670c15cabc6184ca43f5936

  • SHA512

    5e0dec32f2fb857bc79351a03e6da7d9b2c3d6eba573af6329f851f9a6e703b3d22c55ea495e79659e2f04035dda97be6cb3f5c4f7c457a5e90e4d241294b56b

  • SSDEEP

    768:5PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJXwcRn1k+FL:Rok3hbdlylKsgqopeJBWhZFGkE+cL2No

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://skill.fashion/wp-data.php
xlm40.dropper

https://syracuse.best/wp-data.php

Targets

    • Target

      9306c660275a9b5fa6d111994ee81872475c0ccbc670c15cabc6184ca43f5936

    • Size

      36KB

    • MD5

      dfda816278baf9c22519c27fa4125615

    • SHA1

      be939a376053a22399eee038e3a8eb070a879dac

    • SHA256

      9306c660275a9b5fa6d111994ee81872475c0ccbc670c15cabc6184ca43f5936

    • SHA512

      5e0dec32f2fb857bc79351a03e6da7d9b2c3d6eba573af6329f851f9a6e703b3d22c55ea495e79659e2f04035dda97be6cb3f5c4f7c457a5e90e4d241294b56b

    • SSDEEP

      768:5PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJXwcRn1k+FL:Rok3hbdlylKsgqopeJBWhZFGkE+cL2No

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks