274c1cdcf3ddf36b8a8838a1117757c89bd150a04977950b2121b2c3fd448c0e | Triage

Sharing

General

Target

274c1cdcf3ddf36b8a8838a1117757c89bd150a04977950b2121b2c3fd448c0e.zip
Size

276KB
Sample

250325-q15f4szq16
MD5

594624ddfd28287c527a29f38b06e44a
SHA1

643c33dc6bd51a9ef4356a8f67c5954828daf250
SHA256

274c1cdcf3ddf36b8a8838a1117757c89bd150a04977950b2121b2c3fd448c0e
SHA512

d19a35f420cc30f9b628133fdf037b8260eaedc2c3e6bb354f8713d8e7689492bdec3704c28f5909c51412cb29bcf7f2bb2845eb6e343fb7850507600eee6c72
SSDEEP

6144:IOAZ5m+gWjJ3f/Bfffa2WcYtq+EIXVgJ8OdqIH8HNOUMvTy53:IB5m+nF3Vffa2IM+Eie8OFWOUQTy53

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

xlm4.0

Source

Targets

- Target
  
  bfda0fd527a9edc50cc1f452a049e8d45c8ec15ffbc3413d7d452ea532853fe7.xls
- Size
  
  331KB
- MD5
  
  41eff85301490dbeb8e47d4a981b5f4a
- SHA1
  
  a67f4873613499af5589ce3e13baf14b43021d21
- SHA256
  
  bfda0fd527a9edc50cc1f452a049e8d45c8ec15ffbc3413d7d452ea532853fe7
- SHA512
  
  f7563f98341d1250506ccfbc089fbf5d30939dbd2c3b16bfd517c8822554381ed624ec157cd46514214717690488db759e0e4eb42748c334ac0863fee6d87429
- SSDEEP
  
  6144:LcKoSsxzNDZLDZjlbR868O8Kfc03pXpFq7uDphYHceXVhca+fMHLty/x2zZ8kpTT:gizo8RnsIROnr6n75Y1m9
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2