66728990edacded46a1638df1c1c4c1d231ac1144100dbf49ba5b1e040b987a8 | Triage

Sharing

General

Target

66728990edacded46a1638df1c1c4c1d231ac1144100dbf49ba5b1e040b987a8
Size

104KB
Sample

241120-132hcavfnr
MD5

a17d8e8745abfc174505ad7bdaccfa64
SHA1

4f500ee46be1fc089d4265625d8a2a25ccd4ae65
SHA256

66728990edacded46a1638df1c1c4c1d231ac1144100dbf49ba5b1e040b987a8
SHA512

55682241735df639d1fcd1501c9f26c38641953bdc17bc2e545cbaafd07ebf2b77890d4bb07af4bb9105220a65558f28a1feff3d1e41181d97d351f3bda2298b
SSDEEP

3072:TWKpbdrHYrMue8q7QPX+5xtekEdi8/dgeJ0depMHwGGqd4gG:yKpbdrHYrMue8q7QPX+5xtFEdi8/dgeT

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://filecabinet.digitalechoes.co.uk/wp-admin/NC/

Targets

- Target
  
  66728990edacded46a1638df1c1c4c1d231ac1144100dbf49ba5b1e040b987a8
- Size
  
  104KB
- MD5
  
  a17d8e8745abfc174505ad7bdaccfa64
- SHA1
  
  4f500ee46be1fc089d4265625d8a2a25ccd4ae65
- SHA256
  
  66728990edacded46a1638df1c1c4c1d231ac1144100dbf49ba5b1e040b987a8
- SHA512
  
  55682241735df639d1fcd1501c9f26c38641953bdc17bc2e545cbaafd07ebf2b77890d4bb07af4bb9105220a65558f28a1feff3d1e41181d97d351f3bda2298b
- SSDEEP
  
  3072:TWKpbdrHYrMue8q7QPX+5xtekEdi8/dgeJ0depMHwGGqd4gG:yKpbdrHYrMue8q7QPX+5xtFEdi8/dgeT
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2