434b81fd41ad827df4f81983828f43234278ccff8e5b13955200842d3a293ec0 | Triage

Sharing

General

Target

434b81fd41ad827df4f81983828f43234278ccff8e5b13955200842d3a293ec0.xlsx
Size

217KB
Sample

230211-ctlhrsdd5x
MD5

0f91ec3735820b2bb1bf5b08716c4edb
SHA1

91681fbec7a9e3aebf825cbc0034eb0777761783
SHA256

434b81fd41ad827df4f81983828f43234278ccff8e5b13955200842d3a293ec0
SHA512

99afb68db028567cfc0cad59d2d3ff4feffc4a3480c65d2200da2432f2b1df066187bbecc529bb45f88d2fc854d30b735850f34fefb0710f1eba9f0f559afefc
SSDEEP

6144:HKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgByY+TAQXTHGUMEyP5p6f5jQmo:BbGUMVWlbo

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://ftp.agir-santeinternationale.com/doctors/KAacngW97n4ApzVBDdGy/

xlm40.dropper

http://www.vinyz.com/admin3693/BDFFgAZ6zBRumcUSG/

xlm40.dropper

http://ly.yjlianyi.top/wp-admin/NRAdJ/

xlm40.dropper

http://www.muyehuayi.com/cmp/Vtm2m7z88g/

Targets

- Target
  
  434b81fd41ad827df4f81983828f43234278ccff8e5b13955200842d3a293ec0.xlsx
- Size
  
  217KB
- MD5
  
  0f91ec3735820b2bb1bf5b08716c4edb
- SHA1
  
  91681fbec7a9e3aebf825cbc0034eb0777761783
- SHA256
  
  434b81fd41ad827df4f81983828f43234278ccff8e5b13955200842d3a293ec0
- SHA512
  
  99afb68db028567cfc0cad59d2d3ff4feffc4a3480c65d2200da2432f2b1df066187bbecc529bb45f88d2fc854d30b735850f34fefb0710f1eba9f0f559afefc
- SSDEEP
  
  6144:HKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgByY+TAQXTHGUMEyP5p6f5jQmo:BbGUMVWlbo
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2