769ecd4d91e53cc734ede1b06a3935096e838020e44061032964dd769dda3968 | Triage

Sharing

General

Target

5897565916579xlsm.xlsm
Size

118KB
Sample

230701-hjsf8afg89
MD5

c930ab7f69ffa197bf8149c9038eebfc
SHA1

0438b6bed41413f8dcd5f9e95416f5dcab034173
SHA256

769ecd4d91e53cc734ede1b06a3935096e838020e44061032964dd769dda3968
SHA512

4d226575d5683d6acc853a87dcff2c518c4c57c59057420d610fb56c8d33cda87311e0ca28da95ab8de8cf78e837dfa9a39387a12b87151f2f5e06a5df94203b
SSDEEP

3072:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgMbyVEdBU6hubsll6UQjvxG:bKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgWX

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://www.cuneytkocas.com/wp-content/VSnofpES1wO2CcVob/

xlm40.dropper

http://towardsun.net/admin/BYGGkrYAnT/

xlm40.dropper

http://k-antiques.jp/wp-includes/SCYdA6TLohYk2/

Targets

- Target
  
  5897565916579xlsm.xlsm
- Size
  
  118KB
- MD5
  
  c930ab7f69ffa197bf8149c9038eebfc
- SHA1
  
  0438b6bed41413f8dcd5f9e95416f5dcab034173
- SHA256
  
  769ecd4d91e53cc734ede1b06a3935096e838020e44061032964dd769dda3968
- SHA512
  
  4d226575d5683d6acc853a87dcff2c518c4c57c59057420d610fb56c8d33cda87311e0ca28da95ab8de8cf78e837dfa9a39387a12b87151f2f5e06a5df94203b
- SSDEEP
  
  3072:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgMbyVEdBU6hubsll6UQjvxG:bKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgWX
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2