Overview

overview

10

Static

static

8

ae2937dfd4...a9.xls

windows7-x64

10

ae2937dfd4...a9.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ae2937dfd4eaf284fb5c33f88c3781a9

  • Size

    36KB

  • Sample

    231219-1tnj5acder

  • MD5

    ae2937dfd4eaf284fb5c33f88c3781a9

  • SHA1

    abb196176f1a4be9f7a1b3fbf070dd6fbf6d9d00

  • SHA256

    5924a1069d3c8ca89f8aa4b8c44dc6e549e44c9feb668a36971f8fc507c000ab

  • SHA512

    2a2c2b86e7d6ccccaf85f132c372e81b13ed06eb0a4a857de3999bf1320639ebd7418ada20137347a1c8f3afd3cd409163116851734420afdd5fd813d6250a67

  • SSDEEP

    768:LPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJXckg3oFOWFqFTjX0V:zok3hbdlylKsgqopeJBWhZFGkE+cL2Nq

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://syracuse.best/wp-data.php
xlm40.dropper

https://skill.fashion/wp-data.php

Targets

    • Target

      ae2937dfd4eaf284fb5c33f88c3781a9

    • Size

      36KB

    • MD5

      ae2937dfd4eaf284fb5c33f88c3781a9

    • SHA1

      abb196176f1a4be9f7a1b3fbf070dd6fbf6d9d00

    • SHA256

      5924a1069d3c8ca89f8aa4b8c44dc6e549e44c9feb668a36971f8fc507c000ab

    • SHA512

      2a2c2b86e7d6ccccaf85f132c372e81b13ed06eb0a4a857de3999bf1320639ebd7418ada20137347a1c8f3afd3cd409163116851734420afdd5fd813d6250a67

    • SSDEEP

      768:LPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJXckg3oFOWFqFTjX0V:zok3hbdlylKsgqopeJBWhZFGkE+cL2Nq

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks