General

  • Target

    document-94616021.xls

  • Size

    164KB

  • Sample

    210316-qyg5x3bjpa

  • MD5

    bcd6f978f83b1f6e0041767d01b0a774

  • SHA1

    b1e9bbe7f60ac9a120bc22e72c85e4b74abebb91

  • SHA256

    1d9ace126ddd51f337a0c34ea38bcbfa6e9512e71b221f2fa1575e7ce675f23b

  • SHA512

    46594faa1cc887be87f70ebe203d1e1702c822c15df3dec8fa5d8e4f12e67c45f1130d3dd225a30081adaffbf37dd6686c81b877b858e54a7741fb63ab7b6cde

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper

    http://uqw16atsxge03cbwwx.com/summer.gif

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.