ee2dc4300f18802a18616e9e5434b2a0d438c819d2229d3724fa266ae881dbf7 | Triage

Resubmissions

13-09-2023 13:01

230913-p87qrsee82 10

13-09-2023 09:51

230913-lvldtsdg38 10

Sharing

General

Target

tr_0.xls
Size

90KB
Sample

230913-p87qrsee82
MD5

08f03e9133419730830daa1d5c05f2ea
SHA1

0fbe4abe79048fb25f00e11c3f53b9729ea2019b
SHA256

ee2dc4300f18802a18616e9e5434b2a0d438c819d2229d3724fa266ae881dbf7
SHA512

d272fc170333bca041dba873120303694f99bd6f89e32b73597ad8cb6da63e54b45e1f15c34ca8494369d091693c456076374f3fb58c66ce08d1f5140e2745c1
SSDEEP

1536:0Yyk3hbdlylKsgqopeJBWhZFGkE+cL2NdAU8enuoLf04Gq4nV/hS5vfiyrA4H9OP:0Xk3hbdlylKsgqopeJBWhZFGkE+cL2N4

Score

10^/10

macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://mac-rail.com/434.dll

Targets

- Target
  
  tr_0.xls
- Size
  
  90KB
- MD5
  
  08f03e9133419730830daa1d5c05f2ea
- SHA1
  
  0fbe4abe79048fb25f00e11c3f53b9729ea2019b
- SHA256
  
  ee2dc4300f18802a18616e9e5434b2a0d438c819d2229d3724fa266ae881dbf7
- SHA512
  
  d272fc170333bca041dba873120303694f99bd6f89e32b73597ad8cb6da63e54b45e1f15c34ca8494369d091693c456076374f3fb58c66ce08d1f5140e2745c1
- SSDEEP
  
  1536:0Yyk3hbdlylKsgqopeJBWhZFGkE+cL2NdAU8enuoLf04Gq4nV/hS5vfiyrA4H9OP:0Xk3hbdlylKsgqopeJBWhZFGkE+cL2N4
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1