General

  • Target

    document-1224805550.xls

  • Size

    138KB

  • Sample

    210312-a28tm9meps

  • MD5

    dd9935b1bee18e9c31106499f0fb1f5e

  • SHA1

    a9caa0b8961e9615e24e2e8d41e76f03473643e0

  • SHA256

    96e5d2128071329d86d6717cf59a4eb2e6cb5ec8bc04705ce5268fd7b8a6c5af

  • SHA512

    5ccd7934819ac48140574713c63a9dd1cdbbfdc74b07458490718dd079c7fa412c11ca25c21206134b42195365ffbfa0891a52354c50bc3d6fbdf30ad5f78419

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://bqx12lnjk03rrdio.xyz/i.gif

Targets

    • Target

      document-1224805550.xls

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
