5646744689a2caeeac4a124a4b9b64f9666799521064cb131390da29e2603dd9 | Triage

Sharing

General

Target

5646744689a2caeeac4a124a4b9b64f9666799521064cb131390da29e2603dd9
Size

71KB
Sample

241120-q7n3psxcrh
MD5

e5457cd93d2ee82a691abf1435f4a3bd
SHA1

5db1aa76b481fa03d672be636354042bffd2f198
SHA256

5646744689a2caeeac4a124a4b9b64f9666799521064cb131390da29e2603dd9
SHA512

7c1d4014944fd3c5d253a94b9ede0a8f0b7d10737d9b484d6cb5f66a4dc4ca2dcc419588e5bad6d35c6187558387e30bb5069bde729cc5246eea029d5b1891b3
SSDEEP

1536:jhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+0+hDcnTLiQrRTZws8Eh:lKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMz

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://natayakim.com/personal/o0sKIzRjM/

xlm40.dropper

http://meta4media.com/portfolio2/flb3iuglypsbqT/

xlm40.dropper

http://hathaabeach.com/documents/zNsC/

Targets

- Target
  
  5646744689a2caeeac4a124a4b9b64f9666799521064cb131390da29e2603dd9
- Size
  
  71KB
- MD5
  
  e5457cd93d2ee82a691abf1435f4a3bd
- SHA1
  
  5db1aa76b481fa03d672be636354042bffd2f198
- SHA256
  
  5646744689a2caeeac4a124a4b9b64f9666799521064cb131390da29e2603dd9
- SHA512
  
  7c1d4014944fd3c5d253a94b9ede0a8f0b7d10737d9b484d6cb5f66a4dc4ca2dcc419588e5bad6d35c6187558387e30bb5069bde729cc5246eea029d5b1891b3
- SSDEEP
  
  1536:jhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+0+hDcnTLiQrRTZws8Eh:lKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMz
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2