8a567759b335bb7122bb32a85b17acef0a1643be82f439f1689693f6cdcd2679 | Triage

Sharing

General

Target

8a567759b335bb7122bb32a85b17acef0a1643be82f439f1689693f6cdcd2679
Size

96KB
Sample

241120-p53mmsxeqm
MD5

abb526dcabee9e73957f9be80ea5c097
SHA1

958ba174aee32a8f861479adf7f49f60217541d7
SHA256

8a567759b335bb7122bb32a85b17acef0a1643be82f439f1689693f6cdcd2679
SHA512

a4911eafb452b61671fedb3cef7aefc83f44141331412350da22f7d138b4ce4792df17dbb4cff93c389d7aaad9c7b697c5fc6afd749f089eab032666d19b96bf
SSDEEP

1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4jHuS4hcTO97v7UYdEJm3J:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgx

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://fisika.mipa.uns.ac.id/reseller/img/nRAvAgoY8Y/

xlm40.dropper

http://greycoconut.com/edm/71qUA/

xlm40.dropper

http://zonainformatica.es/tienda/XCHJmidSYTkE/

xlm40.dropper

http://balletmagazine.ro/wp-content/9VrMPV/

Targets

- Target
  
  8a567759b335bb7122bb32a85b17acef0a1643be82f439f1689693f6cdcd2679
- Size
  
  96KB
- MD5
  
  abb526dcabee9e73957f9be80ea5c097
- SHA1
  
  958ba174aee32a8f861479adf7f49f60217541d7
- SHA256
  
  8a567759b335bb7122bb32a85b17acef0a1643be82f439f1689693f6cdcd2679
- SHA512
  
  a4911eafb452b61671fedb3cef7aefc83f44141331412350da22f7d138b4ce4792df17dbb4cff93c389d7aaad9c7b697c5fc6afd749f089eab032666d19b96bf
- SSDEEP
  
  1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4jHuS4hcTO97v7UYdEJm3J:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgx
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2