e8dd7a8c2e917180a33a639f3843415de22b2413e7a10d48b6237549b07e49bd | Triage

Sharing

General

Target

e8dd7a8c2e917180a33a639f3843415de22b2413e7a10d48b6237549b07e49bd
Size

56KB
Sample

241120-2gxspsvmas
MD5

1ae1818e39f8d4577500154e769401e5
SHA1

82220a63d8acb8bf714ef0dc2f01d222ab3d4c4d
SHA256

e8dd7a8c2e917180a33a639f3843415de22b2413e7a10d48b6237549b07e49bd
SHA512

a312aeda09669b36fbd5c566e3786552f2dae39c446d5e5e4d6df9c260645e78b31d8255f23410966c97c94b1ed579d9964bdb4378d5bd8c3f51fb09db3369a0
SSDEEP

1536:VsKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgx5G9XSZ4Xsvm:aKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg6

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://dharian.org/_sharedtemplates/D3QgytUZsO7korYQrG/

xlm40.dropper

http://digitalripple.com/scripts/4ovLPfq/

Targets

- Target
  
  e8dd7a8c2e917180a33a639f3843415de22b2413e7a10d48b6237549b07e49bd
- Size
  
  56KB
- MD5
  
  1ae1818e39f8d4577500154e769401e5
- SHA1
  
  82220a63d8acb8bf714ef0dc2f01d222ab3d4c4d
- SHA256
  
  e8dd7a8c2e917180a33a639f3843415de22b2413e7a10d48b6237549b07e49bd
- SHA512
  
  a312aeda09669b36fbd5c566e3786552f2dae39c446d5e5e4d6df9c260645e78b31d8255f23410966c97c94b1ed579d9964bdb4378d5bd8c3f51fb09db3369a0
- SSDEEP
  
  1536:VsKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgx5G9XSZ4Xsvm:aKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg6
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2