32bec158a40710d2c0aabbb77474d2d07cf8bebee15006f3938cebaa85e0f1e7 | Triage

Sharing

General

Target

32bec158a40710d2c0aabbb77474d2d07cf8bebee15006f3938cebaa85e0f1e7.xlsx
Size

218KB
Sample

230211-ctk71aea68
MD5

6576847f7deb2aeedd92a283b932a940
SHA1

6c5ba9c94ba71089fc9603f9cbad7e74c4ca6079
SHA256

32bec158a40710d2c0aabbb77474d2d07cf8bebee15006f3938cebaa85e0f1e7
SHA512

3e33703a6663ef13d85079794aa6ac49e5c8eaf65052af744be1b3428053d2445b35b3923a8a6b8b0ff1c14172eb80845f37024e10554ae412d540f38fd1a8a5
SSDEEP

6144:2k3hOdsylKlgxopeiBNhZF+E+W2kdApyY+TAQXTHGUMEyP5p6f5jQmSo:NbGUMVWlbSo

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://ftp.agir-santeinternationale.com/doctors/KAacngW97n4ApzVBDdGy/

xlm40.dropper

http://www.vinyz.com/admin3693/BDFFgAZ6zBRumcUSG/

xlm40.dropper

http://ly.yjlianyi.top/wp-admin/NRAdJ/

xlm40.dropper

http://www.muyehuayi.com/cmp/Vtm2m7z88g/

Targets

- Target
  
  32bec158a40710d2c0aabbb77474d2d07cf8bebee15006f3938cebaa85e0f1e7.xlsx
- Size
  
  218KB
- MD5
  
  6576847f7deb2aeedd92a283b932a940
- SHA1
  
  6c5ba9c94ba71089fc9603f9cbad7e74c4ca6079
- SHA256
  
  32bec158a40710d2c0aabbb77474d2d07cf8bebee15006f3938cebaa85e0f1e7
- SHA512
  
  3e33703a6663ef13d85079794aa6ac49e5c8eaf65052af744be1b3428053d2445b35b3923a8a6b8b0ff1c14172eb80845f37024e10554ae412d540f38fd1a8a5
- SSDEEP
  
  6144:2k3hOdsylKlgxopeiBNhZF+E+W2kdApyY+TAQXTHGUMEyP5p6f5jQmSo:NbGUMVWlbSo
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2