Malware Analysis Report

2025-03-15 07:02

Sample ID 240101-zmz4xaaeaj
Target 3ddaf78c2133c0d73c06c6df81a504db
SHA256 23c396aa04b6a989da0a96e6420693cbe8e3fe0d7bfe08984d5cbc5f4217f7de
Tags
macro xlm
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

23c396aa04b6a989da0a96e6420693cbe8e3fe0d7bfe08984d5cbc5f4217f7de

Threat Level: Likely malicious

The file 3ddaf78c2133c0d73c06c6df81a504db was found to be: Likely malicious.

Malicious Activity Summary

macro xlm

Suspicious Office macro

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-01-01 20:50

Signatures

Suspicious Office macro

macro xlm
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-01 20:50

Reported

2024-01-01 20:54

Platform

win7-20231215-en

Max time kernel

122s

Max time network

152s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3ddaf78c2133c0d73c06c6df81a504db.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3ddaf78c2133c0d73c06c6df81a504db.vbs"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-01 20:50

Reported

2024-01-01 20:53

Platform

win10v2004-20231222-en

Max time kernel

137s

Max time network

111s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3ddaf78c2133c0d73c06c6df81a504db.vbs"

Signatures

N/A

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3ddaf78c2133c0d73c06c6df81a504db.vbs"

Network

Country Destination Domain Proto
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 16.53.126.40.in-addr.arpa udp
US 8.8.8.8:53 208.194.73.20.in-addr.arpa udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 67.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 20.123.104.105:443 tcp
US 8.8.8.8:53 udp
N/A 52.165.165.26:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 23.37.2.11:443 tcp
US 8.8.8.8:53 udp
US 4.231.128.59:443 tcp
US 192.229.221.95:80 tcp
US 8.8.8.8:53 udp
N/A 20.123.104.105:443 tcp
US 8.8.8.8:53 udp
N/A 20.82.154.241:443 tcp
N/A 52.165.165.26:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 52.165.165.26:443 tcp
N/A 52.165.165.26:443 tcp
US 4.231.128.59:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 4.231.128.59:443 tcp
N/A 13.85.23.206:443 tcp
N/A 13.85.23.206:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 52.165.165.26:443 tcp
N/A 52.165.165.26:443 tcp
US 8.8.8.8:53 udp
N/A 104.91.71.134:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
PH 23.37.1.183:80 tcp
PH 23.37.1.183:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 20.123.104.105:443 tcp
US 8.8.8.8:53 udp
N/A 20.54.110.119:443 tcp
N/A 13.85.23.206:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 104.91.71.134:80 tcp
N/A 104.91.71.134:80 tcp
N/A 104.91.71.134:80 tcp
N/A 104.91.71.134:80 tcp
US 8.8.8.8:53 udp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 udp
N/A 23.37.1.150:80 tcp
N/A 104.91.71.134:80 tcp
US 8.8.8.8:53 udp
N/A 104.91.71.134:80 tcp
N/A 52.142.223.178:80 tcp
N/A 104.91.71.134:80 tcp
N/A 104.91.71.134:80 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 udp
N/A 96.17.179.45:80 tcp
N/A 104.91.71.134:80 tcp
US 8.8.8.8:53 udp
N/A 104.91.71.134:80 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 udp
US 93.184.221.240:80 tcp
N/A 23.37.1.150:80 tcp
N/A 52.142.223.178:80 tcp
US 8.8.8.8:53 udp
N/A 20.199.58.43:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
GB 96.17.179.67:80 tcp
GB 96.17.179.67:80 tcp
GB 96.17.179.67:80 tcp
US 8.8.8.8:53 udp
N/A 52.142.223.178:80 tcp
N/A 23.37.1.150:80 tcp
US 8.8.8.8:53 udp
N/A 52.111.229.19:443 tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
N/A 20.223.36.55:443 tcp
N/A 20.223.36.55:443 tcp
N/A 20.223.36.55:443 tcp
N/A 20.223.36.55:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 204.79.197.200:443 tcp
US 204.79.197.200:443 tcp
US 204.79.197.200:443 tcp
US 204.79.197.200:443 g.bing.com tcp
US 204.79.197.200:443 tcp

Files

N/A