General

  • Target

    4396fe695b10f69b6ce85a1fde0860b372d4524c946ecb2a017c8e93b4261522.xls

  • Size

    91KB

  • Sample

    221109-wps7labab5

  • MD5

    8da64785e095e3a9accfc29aa96253fd

  • SHA1

    d09a1a6f2048d47a24dd70c5c3e71ad1a4e2e38a

  • SHA256

    4396fe695b10f69b6ce85a1fde0860b372d4524c946ecb2a017c8e93b4261522

  • SHA512

    f4501b06a3abcb31d69c2ab583e241544601c6e1b5dd1dc56994815f821c84f2c2f264c7c1f74e8aeb932b74d3ec1ba54475513a53e9a91dd0d475d577b3ba6f

  • SSDEEP

    1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2bCXuZH4gb4CEn9J4Z2cvp:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dge

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://bundlefilm.com/headers/lkfBH3Czw9CjEW07P2/

xlm40.dropper

http://camsanparke.net/wp-content/h2Ja5bwB03hnyfCb/

xlm40.dropper

http://royreid.co.uk/wp-content/dCwG/

xlm40.dropper

https://cs.com.sg/admin/a1lR5wu/

Targets

    • Target

      4396fe695b10f69b6ce85a1fde0860b372d4524c946ecb2a017c8e93b4261522.xls

    • Size

      91KB

    • MD5

      8da64785e095e3a9accfc29aa96253fd

    • SHA1

      d09a1a6f2048d47a24dd70c5c3e71ad1a4e2e38a

    • SHA256

      4396fe695b10f69b6ce85a1fde0860b372d4524c946ecb2a017c8e93b4261522

    • SHA512

      f4501b06a3abcb31d69c2ab583e241544601c6e1b5dd1dc56994815f821c84f2c2f264c7c1f74e8aeb932b74d3ec1ba54475513a53e9a91dd0d475d577b3ba6f

    • SSDEEP

      1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2bCXuZH4gb4CEn9J4Z2cvp:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dge

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v6

Tasks