Overview

overview

10

Static

static

8

92C25CYW5XDC.xlsm

windows7_x64

10

92C25CYW5XDC.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    92C25CYW5XDC.xlsm

  • Size

    102KB

  • Sample

    211209-z7wl8aebb5

  • MD5

    e01658f40196c8810a4b654d10212ade

  • SHA1

    caed09b776174509351dfe57e87325cacee7c69d

  • SHA256

    0d93a4f12d6e52dd86f8194dc522bdf7b6c4724898e929e12943c15cef4f3aa9

  • SHA512

    5e502a8d00aa91155e4725323b9f7b073537565a1b185e8a8cce12259b6c7300aebabd8ef776280cecb85b451999742a5bde4ad1a460f12fec0d9c7e7158a666

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://singsamut.ac.th/00-----26phj/ws1iGhQ/ws1iGhQ/

Targets

    • Target

      92C25CYW5XDC.xlsm

    • Size

      102KB

    • MD5

      e01658f40196c8810a4b654d10212ade

    • SHA1

      caed09b776174509351dfe57e87325cacee7c69d

    • SHA256

      0d93a4f12d6e52dd86f8194dc522bdf7b6c4724898e929e12943c15cef4f3aa9

    • SHA512

      5e502a8d00aa91155e4725323b9f7b073537565a1b185e8a8cce12259b6c7300aebabd8ef776280cecb85b451999742a5bde4ad1a460f12fec0d9c7e7158a666

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks