General

  • Target

    document-1783924759.xls

  • Size

    138KB

  • Sample

    210313-wam55lwgje

  • MD5

    203f055dbb16ce624200ea1c9c5d4cff

  • SHA1

    bc43a488c0c16206865de2b3014c124648f4a9e5

  • SHA256

    c5f99795ec9ae1e1ec8cb34e4c5ffbd9a3f85f876fecdd1941504411a60afc08

  • SHA512

    5b6df0571f4e52670078cfd3f80ff06827a8a98331039673f4c78dbf95383a69d7d5e7be25b5ad103e07ba93859c70df7a770908013d690e278f9d0752882fb6

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://nvelj12qyyfi03kqxy.xyz/i.gif

Targets

    • Target

      document-1783924759.xls

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
