c90860cbcc78e518dfc11584eb096b7d31eb488f43d5c082b816da54cddfae0f | Triage

Sharing

General

Target

c90860cbcc78e518dfc11584eb096b7d31eb488f43d5c082b816da54cddfae0f
Size

124KB
Sample

230626-d1sq4agc29
MD5

a5dd8d199b2fab12f9a8b5dc01bc960a
SHA1

e033a2462b83278d17cfe23e9dc3a9c90e7b9f8e
SHA256

c90860cbcc78e518dfc11584eb096b7d31eb488f43d5c082b816da54cddfae0f
SHA512

93a3e25a9209ff5a3e23b9d3ee36d987482c17093b8e1971d48305820df503b34d502fd6a958a8603a67082112a7d6a4698f397b70931bd54fe6c439e602a588
SSDEEP

3072:8Kpb8rGYrMPe3q7Q0XV5xtezEsi8ZM+3UBjyqgF2ikieW2DXewVZawQ:8Kpb8rGYrMPe3q7Q0XV5xtuEsi8ZM++U

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://digitaldays.ro/site/brandupi.php

Targets

- Target
  
  c90860cbcc78e518dfc11584eb096b7d31eb488f43d5c082b816da54cddfae0f
- Size
  
  124KB
- MD5
  
  a5dd8d199b2fab12f9a8b5dc01bc960a
- SHA1
  
  e033a2462b83278d17cfe23e9dc3a9c90e7b9f8e
- SHA256
  
  c90860cbcc78e518dfc11584eb096b7d31eb488f43d5c082b816da54cddfae0f
- SHA512
  
  93a3e25a9209ff5a3e23b9d3ee36d987482c17093b8e1971d48305820df503b34d502fd6a958a8603a67082112a7d6a4698f397b70931bd54fe6c439e602a588
- SSDEEP
  
  3072:8Kpb8rGYrMPe3q7Q0XV5xtezEsi8ZM+3UBjyqgF2ikieW2DXewVZawQ:8Kpb8rGYrMPe3q7Q0XV5xtuEsi8ZM++U
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2