ae2a675c55d58cf6a2d3ace59a707b070260f0c3c8d7a2b61c48ee8534bb4486 | Triage

Sharing

General

Target

ae2a675c55d58cf6a2d3ace59a707b070260f0c3c8d7a2b61c48ee8534bb4486
Size

56KB
Sample

241120-trnzjsyrf1
MD5

ae9cad53eed55031cc91ff69142b29b0
SHA1

8b415a7df1c8103b6058a6c77623ad0370c3592f
SHA256

ae2a675c55d58cf6a2d3ace59a707b070260f0c3c8d7a2b61c48ee8534bb4486
SHA512

d6b58246c9c183c0692cdf708232787fd762d9ddce0b8b91578a9de0f038f0c35e728afe283f356a494bdd7e98b82f8dd38833de9988181757bfb780073b129b
SSDEEP

1536:VsKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgx5G9XSZ4Xsvy:aKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgG

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://dharian.org/_sharedtemplates/D3QgytUZsO7korYQrG/

xlm40.dropper

http://digitalripple.com/scripts/4ovLPfq/

Targets

- Target
  
  ae2a675c55d58cf6a2d3ace59a707b070260f0c3c8d7a2b61c48ee8534bb4486
- Size
  
  56KB
- MD5
  
  ae9cad53eed55031cc91ff69142b29b0
- SHA1
  
  8b415a7df1c8103b6058a6c77623ad0370c3592f
- SHA256
  
  ae2a675c55d58cf6a2d3ace59a707b070260f0c3c8d7a2b61c48ee8534bb4486
- SHA512
  
  d6b58246c9c183c0692cdf708232787fd762d9ddce0b8b91578a9de0f038f0c35e728afe283f356a494bdd7e98b82f8dd38833de9988181757bfb780073b129b
- SSDEEP
  
  1536:VsKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgx5G9XSZ4Xsvy:aKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgG
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2