65fb927ebb54d82716712049f4a6821fed9fb4d5cbf64558f582eee6cf5d0020 | Triage

Sharing

General

Target

65fb927ebb54d82716712049f4a6821fed9fb4d5cbf64558f582eee6cf5d0020
Size

60KB
Sample

241120-n8qltawdpf
MD5

a6f32a28058b1af42cc8a69dfaec823d
SHA1

075e700393331a7e20c2e49658c14f233d762c6b
SHA256

65fb927ebb54d82716712049f4a6821fed9fb4d5cbf64558f582eee6cf5d0020
SHA512

a26b631ba0ff20e5774add9c38db4cf70978fd9b94529a840a0726ab9a1bbaa69ad90c2b48dbc5267e3da2c997fe65d4bddf640ef5696df0e83350fea2cd27db
SSDEEP

1536:PyAcDj+r/KexKIxLJSXOvj0q2tokUkRFtvHaMCRDr:dC+7K3Ixo3q2eRoF9CRDr

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://filecabinet.digitalechoes.co.uk/wp-admin/NC/

Targets

- Target
  
  S-P Construction of St. Paul Inc.xls
- Size
  
  104KB
- MD5
  
  b787947f12770a4105ccc158983a3712
- SHA1
  
  14b05316b654557dbc3c1a0182da1b3aab2f885c
- SHA256
  
  1635bee22dd56fa692c8fa1bbc1861b7934b7f38f8e11cb48e7f0a5ae60a2871
- SHA512
  
  834f12d4144096e9743e0dc822818733338f8f6c2c494f4f71749175fada210f3f93213c7c5ce6dad576ebaa299115e67e88a2dedb7e33bab28f55fa9f52343e
- SSDEEP
  
  3072:yWKpbdrHYrMue8q7QPX+5xtekEdi8/dgeJ0depMHwGGqd4gk:nKpbdrHYrMue8q7QPX+5xtFEdi8/dgeB
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2