Overview

overview

10

Static

static

8

?i=1eplqadwm.xls

windows7_x64

10

?i=1eplqadwm.xls

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ?i=1eplqadwm

  • Size

    106KB

  • Sample

    220503-n3f57adee2

  • MD5

    db64d5b887a8228c75b3b7bdadc0245e

  • SHA1

    38f8f6163b8620f23e380faed62f8fe39521da13

  • SHA256

    62aa0bc0617f8f40908642b1e9b933ef99c9b9a46e7fd061ad689eff28a438fa

  • SHA512

    5ae443ee355b785e19dd5cd8695d9523e02080fdb36b8a465e56a8e667f081fd44a888d579597ea573e4d8dedd747df3d1943e2f150f01e81939bba0ba3117a8

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://dougveeder.com/cgi-bin/xJ91ZttGRioQ7IUL/

Targets

    • Target

      ?i=1eplqadwm

    • Size

      106KB

    • MD5

      db64d5b887a8228c75b3b7bdadc0245e

    • SHA1

      38f8f6163b8620f23e380faed62f8fe39521da13

    • SHA256

      62aa0bc0617f8f40908642b1e9b933ef99c9b9a46e7fd061ad689eff28a438fa

    • SHA512

      5ae443ee355b785e19dd5cd8695d9523e02080fdb36b8a465e56a8e667f081fd44a888d579597ea573e4d8dedd747df3d1943e2f150f01e81939bba0ba3117a8

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks