General

  • Target

    attached (15).zip

  • Size

    14KB

  • Sample

    210302-tkyb18c6nx

  • MD5

    4cca3412d703e539f040b36a336bd8fb

  • SHA1

    6d3d68e6ef07d189616ade7d9cd84116e903d116

  • SHA256

    19f0a4a252ad697e568216701a03d2f8b1dd0040c37f8032061339bc43d8308d

  • SHA512

    14d0712c862f05b7d026eaeb85778a7de7cf721604788fe95a32f971f1e2b06b62dcd766f3c02df0b0f028eea35f0f485b18b3c91a8417189c7a1f2aaf69b3ab

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://pxiw28jgmb02slcqxq.com/mrch.gif

Targets

    • Target

      document-1551246108.xls

    • Size

      85KB

    • MD5

      30d36ee1bdbeb86d6366d54f3ce8d822

    • SHA1

      c2ed37046cc1b82ef2dfc62bd84275888f127176

    • SHA256

      5ffcee9d0fa56bdf17e46baf7663135939809177f8e1b08033cddf30dad3a766

    • SHA512

      455fd9266b615e8b31c9d2da07f59d2f5155c5fd531e55912af1cf206f5479811f0dfd468fdbbc87d88d366ea829b77e58265cb6acb835032813576c6944a3c5

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v6

Tasks