7a7688cd6f7077b47529fd6263bcc395b91b0966492aa71fad97580edfa8f862 | Triage

Sharing

General

Target

7a7688cd6f7077b47529fd6263bcc395b91b0966492aa71fad97580edfa8f862
Size

71KB
Sample

241121-a3r1ssxjhs
MD5

7d7d21d0c976b9711aa88f72bacc8f13
SHA1

544b7bd2a8422f013cdd5dd85d679fbf1d4ca486
SHA256

7a7688cd6f7077b47529fd6263bcc395b91b0966492aa71fad97580edfa8f862
SHA512

df1c0634912caff5ad17ef2a1ed47a2f6c2a7348887cff482ce089aff883c1f08d7c8b679709243aa33ed36b491faf3844488c1e4d5fde5bb27d534cff5acfe8
SSDEEP

1536:DhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+gH+hDcnTLiQrRTZws8EYO:FKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMv

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://papillonweb.fr/wp-content/G8z08q0mj/

xlm40.dropper

http://brennanasia.com/images/6IwPBHbnUvfgugV1b/

xlm40.dropper

https://estacioesportivavilanovailageltru.cat/tmp/IgSyqwgJmE/

Targets

- Target
  
  7a7688cd6f7077b47529fd6263bcc395b91b0966492aa71fad97580edfa8f862
- Size
  
  71KB
- MD5
  
  7d7d21d0c976b9711aa88f72bacc8f13
- SHA1
  
  544b7bd2a8422f013cdd5dd85d679fbf1d4ca486
- SHA256
  
  7a7688cd6f7077b47529fd6263bcc395b91b0966492aa71fad97580edfa8f862
- SHA512
  
  df1c0634912caff5ad17ef2a1ed47a2f6c2a7348887cff482ce089aff883c1f08d7c8b679709243aa33ed36b491faf3844488c1e4d5fde5bb27d534cff5acfe8
- SSDEEP
  
  1536:DhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+gH+hDcnTLiQrRTZws8EYO:FKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMv
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2