General

  • Target

    document-1872522448.xls

  • Size

    85KB

  • Sample

    210302-71c74ehsxa

  • MD5

    acc95030786bcdecaf60729fa3a79f53

  • SHA1

    25f6772c9663def3a977c5176c3e95dc430e2250

  • SHA256

    7d420d8395f8b5c904a27079988cd67b715b55cc2f910bb678c67f70f821ec5a

  • SHA512

    f4185b0cd53275065e3225e2bc30ea82eb9ea01d4465b7465e690001b87d1b048f9265a0861d6bfce941761577ab3e37d746004768a5f5bb4e17797b82ce46af

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper

    http://emqjj27ljgl02hqqzi.com/fedara.gif

Targets

    • Target

      document-1872522448.xls

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
