10d406ca857bdbac609473521aa87c7c634c303d94812bf7dc5e20bcf7dd79f0 | Triage

Sharing

General

Target

10d406ca857bdbac609473521aa87c7c634c303d94812bf7dc5e20bcf7dd79f0
Size

37KB
Sample

241120-sykp2ayndz
MD5

ed3d81d630a00c336b7f3a434abcc4c9
SHA1

3359f2af06d34e75fe60c4d6a53cd713c93c071f
SHA256

10d406ca857bdbac609473521aa87c7c634c303d94812bf7dc5e20bcf7dd79f0
SHA512

e2d25eb847c86125beed46cbbca020cdf22414386457c21da4fe91ea2e7fe1b648e63bb9b84d9dc084cb62d482c66c94d223a244896dbe5cf4f77fb2c3c3f8a6
SSDEEP

768:Eb/Mvd5dhTJxmxE7l0VGpevZCw4VmUxjfC30+kS4QyoX0VyY5G:Ebmd5zmxE7W0XYk4pEVyV

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://ordereasy.hk/error/8BZswf/

xlm40.dropper

https://duocphamct.com/wp-content/JYT0KrYcoJrAj/

Targets

- Target
  
  10d406ca857bdbac609473521aa87c7c634c303d94812bf7dc5e20bcf7dd79f0
- Size
  
  37KB
- MD5
  
  ed3d81d630a00c336b7f3a434abcc4c9
- SHA1
  
  3359f2af06d34e75fe60c4d6a53cd713c93c071f
- SHA256
  
  10d406ca857bdbac609473521aa87c7c634c303d94812bf7dc5e20bcf7dd79f0
- SHA512
  
  e2d25eb847c86125beed46cbbca020cdf22414386457c21da4fe91ea2e7fe1b648e63bb9b84d9dc084cb62d482c66c94d223a244896dbe5cf4f77fb2c3c3f8a6
- SSDEEP
  
  768:Eb/Mvd5dhTJxmxE7l0VGpevZCw4VmUxjfC30+kS4QyoX0VyY5G:Ebmd5zmxE7W0XYk4pEVyV
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2