Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

7343c2f1c8923a7f77f71e8e4dcc9180212c13f5040fd1b513d4f26fd30bad41
Size

36KB
Sample

230129-x2y42scb31
MD5

4e258fc16f9f1bd37a59896f9d56beb4
SHA1

af80d1c572dcf5a227dc2bfa341433967242b11f
SHA256

7343c2f1c8923a7f77f71e8e4dcc9180212c13f5040fd1b513d4f26fd30bad41
SHA512

5d631619c1e47cafc03de68d62f11997189ac03313c8cb79dab3d5f2a070b5e27be8aa7e71e9dae23684d8f4e726a05a64e6c10626a4e4cf033d8e5551720597
SSDEEP

768:EPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJugTyRZLAHWl:gok3hbdlylKsgqopeJBWhZFGkE+cL2Nt

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://markens.online/wp-data.php

Targets

- Target
  
  7343c2f1c8923a7f77f71e8e4dcc9180212c13f5040fd1b513d4f26fd30bad41
- Size
  
  36KB
- MD5
  
  4e258fc16f9f1bd37a59896f9d56beb4
- SHA1
  
  af80d1c572dcf5a227dc2bfa341433967242b11f
- SHA256
  
  7343c2f1c8923a7f77f71e8e4dcc9180212c13f5040fd1b513d4f26fd30bad41
- SHA512
  
  5d631619c1e47cafc03de68d62f11997189ac03313c8cb79dab3d5f2a070b5e27be8aa7e71e9dae23684d8f4e726a05a64e6c10626a4e4cf033d8e5551720597
- SSDEEP
  
  768:EPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJugTyRZLAHWl:gok3hbdlylKsgqopeJBWhZFGkE+cL2Nt
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

behavioral2