e62ae281c6152d0fb7c49f415b394657d645f2f5fc93f238239f19608c94fbea | Triage

Sharing

General

Target

MACRO-DFIR-RETO.xls
Size

648KB
Sample

240920-t8l7aawfne
MD5

dfa567619d3d7935688df7d0bba6aed6
SHA1

7d6e6d88e846ca396338f0bc16e22c8a2b27fc82
SHA256

e62ae281c6152d0fb7c49f415b394657d645f2f5fc93f238239f19608c94fbea
SHA512

3b490fabdf9999a396dabca51a9be2cc80409aacd747c82308ab2dfad24e92d6046fc915ec5639d12e6668226704784c2dc59692488591e4eeef0cbf978d7c61
SSDEEP

6144:Kknl9oBdySAx76F6XeyTVtW/9Ny9ABnl5/PBgxOHjuM9MV:El5/WxIj8

Score

10^/10

discovery

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://nws.visionconsulting.ro/N1G1KCXA/dot.html

xlm40.dropper

https://royalpalm.sparkblue.lk/vCNhYrq3Yg8/dot.html

Targets

- Target
  
  MACRO-DFIR-RETO.xls
- Size
  
  648KB
- MD5
  
  dfa567619d3d7935688df7d0bba6aed6
- SHA1
  
  7d6e6d88e846ca396338f0bc16e22c8a2b27fc82
- SHA256
  
  e62ae281c6152d0fb7c49f415b394657d645f2f5fc93f238239f19608c94fbea
- SHA512
  
  3b490fabdf9999a396dabca51a9be2cc80409aacd747c82308ab2dfad24e92d6046fc915ec5639d12e6668226704784c2dc59692488591e4eeef0cbf978d7c61
- SSDEEP
  
  6144:Kknl9oBdySAx76F6XeyTVtW/9Ny9ABnl5/PBgxOHjuM9MV:El5/WxIj8
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2