5985c29519f1018a7c1c016f24ce4ddf3e4ad196756c797cdbccf0d770a9ae2d | Triage

Sharing

General

Target

5985c29519f1018a7c1c016f24ce4ddf3e4ad196756c797cdbccf0d770a9ae2d
Size

96KB
Sample

241120-w28sta1kgx
MD5

97ac12de811009f553856a7665fa07f2
SHA1

e1d7c98dd8f1925d7ebf2b97de59b2be25fc905c
SHA256

5985c29519f1018a7c1c016f24ce4ddf3e4ad196756c797cdbccf0d770a9ae2d
SHA512

20e51f3311ae6684c19a16787ce05fd14fa1a7a23536bcdd3b992e3eeb1b5f3e460eded0594949ed02257f222a0b7b2731d2120404a138f39b4d56c41fb8d83b
SSDEEP

1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4jHuS4hcTO97v7UYdEJm3Z:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgh

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://fisika.mipa.uns.ac.id/reseller/img/nRAvAgoY8Y/

xlm40.dropper

http://greycoconut.com/edm/71qUA/

xlm40.dropper

http://zonainformatica.es/tienda/XCHJmidSYTkE/

xlm40.dropper

http://balletmagazine.ro/wp-content/9VrMPV/

Targets

- Target
  
  5985c29519f1018a7c1c016f24ce4ddf3e4ad196756c797cdbccf0d770a9ae2d
- Size
  
  96KB
- MD5
  
  97ac12de811009f553856a7665fa07f2
- SHA1
  
  e1d7c98dd8f1925d7ebf2b97de59b2be25fc905c
- SHA256
  
  5985c29519f1018a7c1c016f24ce4ddf3e4ad196756c797cdbccf0d770a9ae2d
- SHA512
  
  20e51f3311ae6684c19a16787ce05fd14fa1a7a23536bcdd3b992e3eeb1b5f3e460eded0594949ed02257f222a0b7b2731d2120404a138f39b4d56c41fb8d83b
- SSDEEP
  
  1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4jHuS4hcTO97v7UYdEJm3Z:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgh
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2