Overview

overview

10

Static

static

8

document-5...53.xls

windows7_x64

10

document-5...53.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    document-567032353.xls

  • Size

    138KB

  • Sample

    210312-kpe4c7snqe

  • MD5

    b5e91e716e503c5e5d445656e5368ac5

  • SHA1

    2e18724490e26f691f63566e0790a954ea804df1

  • SHA256

    b1adc0e4c33e43ad02bb08a81416ff729237567ac44629df606ee67200e48499

  • SHA512

    d6c33129de8be1403f157959062308d9ac7aa49f16be6b34b7be03c6e43cc9aede6c20669c02e73cdfd3f6108666fd8014500b7e2f65a30e43c4aa9c245b6ff4

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://nvelj12qyyfi03kqxy.xyz/i.gif

Targets

    • Target

      document-567032353.xls

    • Size

      138KB

    • MD5

      b5e91e716e503c5e5d445656e5368ac5

    • SHA1

      2e18724490e26f691f63566e0790a954ea804df1

    • SHA256

      b1adc0e4c33e43ad02bb08a81416ff729237567ac44629df606ee67200e48499

    • SHA512

      d6c33129de8be1403f157959062308d9ac7aa49f16be6b34b7be03c6e43cc9aede6c20669c02e73cdfd3f6108666fd8014500b7e2f65a30e43c4aa9c245b6ff4

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks