ef2ce641a4e9f270eea626e8e4800b0b97b4a436c40e7af30aeb6f02566b809c | Triage

Submit
Reports

Overview

overview

Static

static

8

ef2ce641a4...9c.xls

windows10-1703-x64

Resubmissions

30-01-2023 01:41

230130-b4cg6sec8w 10

24-11-2022 05:06

221124-frw39sea9s 10

Sharing

General

Target

ef2ce641a4e9f270eea626e8e4800b0b97b4a436c40e7af30aeb6f02566b809c
Size

216KB
Sample

230130-b4cg6sec8w
MD5

2486374800299563ab8934122234242a
SHA1

47bfe94aa96ef43231890f04ccd286b0888e10c8
SHA256

ef2ce641a4e9f270eea626e8e4800b0b97b4a436c40e7af30aeb6f02566b809c
SHA512

74e52e1e1317908447340cbba32949321ed435f17a524224af80236ecdf67187c83908cca514e82a49b9abe9495125ba741e01ed8f30663124c13fce339c63e5
SSDEEP

6144:bKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgAyY+TAQXTHGUMEyP5p6f5jQmK:GbGUMVWlbK

Score

10^/10

macro xlm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ef2ce641a4e9f270eea626e8e4800b0b97b4a436c40e7af30aeb6f02566b809c.xls

Resource

win10-20220901-en

windows10-1703-x64

15 signatures

1800 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://audioselec.com/about/dDw5ggtyMojggTqhc/

xlm40.dropper

https://geringer-muehle.de/wp-admin/G/

xlm40.dropper

http://intolove.co.uk/wp-admin/FbGhiWtrEzrQ/

xlm40.dropper

http://isc.net.ua/themes/3rU/

Targets

- Target
  
  ef2ce641a4e9f270eea626e8e4800b0b97b4a436c40e7af30aeb6f02566b809c
- Size
  
  216KB
- MD5
  
  2486374800299563ab8934122234242a
- SHA1
  
  47bfe94aa96ef43231890f04ccd286b0888e10c8
- SHA256
  
  ef2ce641a4e9f270eea626e8e4800b0b97b4a436c40e7af30aeb6f02566b809c
- SHA512
  
  74e52e1e1317908447340cbba32949321ed435f17a524224af80236ecdf67187c83908cca514e82a49b9abe9495125ba741e01ed8f30663124c13fce339c63e5
- SSDEEP
  
  6144:bKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgAyY+TAQXTHGUMEyP5p6f5jQmK:GbGUMVWlbK
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

© 2018-2023

Terms | Privacy