9447046f57bf3390404279fcfd278eb7847da2e3e8d920638772a218b246d9bc | Triage

Sharing

General

Target

9447046f57bf3390404279fcfd278eb7847da2e3e8d920638772a218b246d9bc
Size

37KB
Sample

241120-ks1v3avepm
MD5

dc707541a876ed013263df5eae12a466
SHA1

d14543f4a32a2aee4eafc8d8322b07ff9908d9e8
SHA256

9447046f57bf3390404279fcfd278eb7847da2e3e8d920638772a218b246d9bc
SHA512

55a87f3a43e95ae1cfb89af782f8f4be07e585e105512cc0cf2cac870f37c6f65517842809d3821dc9d6fdb0155e524eb5d74ee8b3c05a849a48e1f36bf2afec
SSDEEP

768:Ab/Mvd5dhTJxmxE7l0VGpevZCw4VmUxjfC30+kS4QyoX0VyY5G:Abmd5zmxE7W0XYk4pEVyV

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://ordereasy.hk/error/8BZswf/

xlm40.dropper

https://duocphamct.com/wp-content/JYT0KrYcoJrAj/

Targets

- Target
  
  9447046f57bf3390404279fcfd278eb7847da2e3e8d920638772a218b246d9bc
- Size
  
  37KB
- MD5
  
  dc707541a876ed013263df5eae12a466
- SHA1
  
  d14543f4a32a2aee4eafc8d8322b07ff9908d9e8
- SHA256
  
  9447046f57bf3390404279fcfd278eb7847da2e3e8d920638772a218b246d9bc
- SHA512
  
  55a87f3a43e95ae1cfb89af782f8f4be07e585e105512cc0cf2cac870f37c6f65517842809d3821dc9d6fdb0155e524eb5d74ee8b3c05a849a48e1f36bf2afec
- SSDEEP
  
  768:Ab/Mvd5dhTJxmxE7l0VGpevZCw4VmUxjfC30+kS4QyoX0VyY5G:Abmd5zmxE7W0XYk4pEVyV
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2