4a221e5a4ff5823f78170713306f6abbdfae1f782cb02a6b90b8ceabb42a7c97 | Triage

Sharing

General

Target

4a221e5a4ff5823f78170713306f6abbdfae1f782cb02a6b90b8ceabb42a7c97
Size

47KB
Sample

241120-2h4bwazjbm
MD5

86dc7893f44793c4316eeaf70ed0e295
SHA1

e797118e1e26a706b09f55f425eff851859607e3
SHA256

4a221e5a4ff5823f78170713306f6abbdfae1f782cb02a6b90b8ceabb42a7c97
SHA512

1d4687c751cd7043940d55a7668d126bf9af481717e889b7904c452ce64a87e52346216993a731e3e29a98a86cf0d272a2747074a1d381515d59698e89276254
SSDEEP

768:4DM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JT5X6DGwUdh+pqjeSLjcvLtzrxFm:462tfQXi8vgLZkTOHkQT51Vp6AwPe8gz

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://www.escueladecinemza.com.ar/_installation/IBlj/

Targets

- Target
  
  4a221e5a4ff5823f78170713306f6abbdfae1f782cb02a6b90b8ceabb42a7c97
- Size
  
  47KB
- MD5
  
  86dc7893f44793c4316eeaf70ed0e295
- SHA1
  
  e797118e1e26a706b09f55f425eff851859607e3
- SHA256
  
  4a221e5a4ff5823f78170713306f6abbdfae1f782cb02a6b90b8ceabb42a7c97
- SHA512
  
  1d4687c751cd7043940d55a7668d126bf9af481717e889b7904c452ce64a87e52346216993a731e3e29a98a86cf0d272a2747074a1d381515d59698e89276254
- SSDEEP
  
  768:4DM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JT5X6DGwUdh+pqjeSLjcvLtzrxFm:462tfQXi8vgLZkTOHkQT51Vp6AwPe8gz
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2