General

  • Target

    attached (56).zip

  • Size

    14KB

  • Sample

    210302-t1t16xpba6

  • MD5

    e3de3b5834ccadaa8518a0c94400319c

  • SHA1

    8e7d8674d93485ab9747306785e5e9bc4df7d1f0

  • SHA256

    11b1f238f60840ab9c4b060e99da8c4c3c3fd35f329e441d9db804f978af3a9b

  • SHA512

    e9adc9f5a46457938e4715900ab8c829ad3cf3e80f52d5e2241151b7e27c50d80edc047bf5547327fb5486f63069aec8b6918458867895c094a597337fa1e7fb

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://hqn27dyhvwp02wznv.com/fedara.gif

Targets

    • Target

      document-868605305.xls

    • Size

      85KB

    • MD5

      3c449cac02e0d055aa14003e9db9bc33

    • SHA1

      a45d179b294dab072de426a628f9a085363a94e6

    • SHA256

      1f8fdcf8399921ac4beeda4f753224ffb0679bb2a6780e407e989cd0336467ca

    • SHA512

      3298eb6dc394b5fc40dfe6a00cf624284d0274de87b7821ed9b14c5cc0aedf595d60a7a1a226d5981367420ec00fd1537a770473c7dee411376a8f0b752e4823

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
