Overview

overview

10

Static

static

8

Invoice-59...4.xlsb

windows7_x64

10

Invoice-59...4.xlsb

windows10_x64

10

Resubmissions

09-12-2021 18:02

211209-wmyz3aeefp 10

09-12-2021 13:52

211209-q6fpyadeck 10

18-10-2021 09:36

211018-lkztgaecbm 10

04-10-2021 17:53

211004-wgpjfaggb4 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice-5959498320211004.xlsb

  • Size

    132KB

  • Sample

    211209-wmyz3aeefp

  • MD5

    887bc475305003bdc34e671a2f3bd080

  • SHA1

    7625f787be7479bf54addeff0ce7107cf0f59f23

  • SHA256

    7e0b4b26bafd471703fac1db25b24936230aecad95732e66420184d717a111ee

  • SHA512

    efb52e8c1fdf6e7cbc80b951220e25c78be0aad5c24b732696784b9b4d5d2c7a284df11fb0f524f64fa3f39a887069599c91f5233062d2aa8c01617104dd9ccd

Score
10/10
macroxlm

Malware Config

Targets

    • Target

      Invoice-5959498320211004.xlsb

    • Size

      132KB

    • MD5

      887bc475305003bdc34e671a2f3bd080

    • SHA1

      7625f787be7479bf54addeff0ce7107cf0f59f23

    • SHA256

      7e0b4b26bafd471703fac1db25b24936230aecad95732e66420184d717a111ee

    • SHA512

      efb52e8c1fdf6e7cbc80b951220e25c78be0aad5c24b732696784b9b4d5d2c7a284df11fb0f524f64fa3f39a887069599c91f5233062d2aa8c01617104dd9ccd

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks