4fb203958dc23dba23634f6f5356931bfc221e22bed0a184cd73153fca697a51 | Triage

Sharing

General

Target

4fb203958dc23dba23634f6f5356931bfc221e22bed0a184cd73153fca697a51.xlsx
Size

217KB
Sample

230211-ctk71add5v
MD5

b624c8a63e3b48f4351543fab0cd718f
SHA1

a0ebd1f6b5d816fa46e5c8e4c9dc41b349e3ad66
SHA256

4fb203958dc23dba23634f6f5356931bfc221e22bed0a184cd73153fca697a51
SHA512

1afe017eb7518c028cb32e613c219f5df3d75172828068321bdbdfdc49988625bbcb9b140eecda8af632899810ec29e57f00ef76b2bdc7921f2055e23b94220c
SSDEEP

6144:HKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgByY+TAQXTHGUMEyP5p6f5jQmL:BbGUMVWlbL

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://ftp.agir-santeinternationale.com/doctors/KAacngW97n4ApzVBDdGy/

xlm40.dropper

http://www.vinyz.com/admin3693/BDFFgAZ6zBRumcUSG/

xlm40.dropper

http://ly.yjlianyi.top/wp-admin/NRAdJ/

xlm40.dropper

http://www.muyehuayi.com/cmp/Vtm2m7z88g/

Targets

- Target
  
  4fb203958dc23dba23634f6f5356931bfc221e22bed0a184cd73153fca697a51.xlsx
- Size
  
  217KB
- MD5
  
  b624c8a63e3b48f4351543fab0cd718f
- SHA1
  
  a0ebd1f6b5d816fa46e5c8e4c9dc41b349e3ad66
- SHA256
  
  4fb203958dc23dba23634f6f5356931bfc221e22bed0a184cd73153fca697a51
- SHA512
  
  1afe017eb7518c028cb32e613c219f5df3d75172828068321bdbdfdc49988625bbcb9b140eecda8af632899810ec29e57f00ef76b2bdc7921f2055e23b94220c
- SSDEEP
  
  6144:HKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgByY+TAQXTHGUMEyP5p6f5jQmL:BbGUMVWlbL
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2