General

  • Target

    document-1859035960.xls

  • Size

    85KB

  • Sample

    210302-edks6rsen6

  • MD5

    df930b0eb5f6538a38ee6e085c3052e2

  • SHA1

    d69e1330b5736741f7133ae5cb07ce14e9fa2b5b

  • SHA256

    4656121847b15209ebc9f66f0935524de4525195aa6d78e322b88402a5b9a298

  • SHA512

    4d980ccaad716d1b9d7c66eed90b94d4b9852e9fc124cc07dd40620e94df8c4ab3c577d7e5da248c39ae2fa5362d0fc8bda32f88d2d46233cf5096684848d04d

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper

    http://ugrl28bxsnh02kohk.com/mrch.gif

Targets

    • Target

      document-1859035960.xls

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
