Overview

overview

10

Static

static

8

document-1...82.xls

windows7_x64

10

document-1...82.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    paper (52).zip

  • Size

    14KB

  • Sample

    210302-jp4h5tpvta

  • MD5

    90418b4735ac11d4dfc82f13ed4395bb

  • SHA1

    25cfda2cc5c98e254a5dc4a0511c81a2eb7d7b6a

  • SHA256

    e0031229c3118769a5be7350e8dcf28be286d9ce8af5300f0bcbe48063b6cb10

  • SHA512

    3b7d43ad8f1de0586a7858c242c8b3d75c47240a79c73eff7b865e7554dc7b741950f808c29fe33e8144445d1bad7fc7be9b0b5a8751cdbee46a0b16cd13e777

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://emqjj27ljgl02hqqzi.com/fedara.gif

Targets

    • Target

      document-1334286082.xls

    • Size

      85KB

    • MD5

      3d390ed85230e0993f11d6fd84c990cc

    • SHA1

      40b5de3a13062d039449f556e88a93c9d913b581

    • SHA256

      e2157c05ff4bdd302c712aaa759b2ec78b07e71499e0c56fb81de6a4a872547e

    • SHA512

      57dfaafa395e39adb133fff592740c551ffd942bfe71e076baa5a701d1140abecf2b1336d010c11e3773006625e7ae7c54bdd48b524213c8dbe432696f8aeaa1

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks