General

  • Target

    b5c6efb7aee82fcc0d2e60b31e339d14

  • Size

    36KB

  • Sample

    240305-118hwabh69

  • MD5

    b5c6efb7aee82fcc0d2e60b31e339d14

  • SHA1

    ff3491f209c1a2eee5f3eced2c72adfa94015830

  • SHA256

    2eca87606545ad7477f97570095549ce010803a56301708fe424edc2f405eb13

  • SHA512

    973b7163f21374b3d76a74a78260e2bb1ebd32318533f246d567e331122ddd070b04e2d9256ba166d4a4e2ff17f268c886af3ca598f955ff46a730f7ba84017d

  • SSDEEP

    768:0PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJbOQlgDMlNdZ:wok3hbdlylKsgqopeJBWhZFGkE+cL2NE

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper

    https://markens.online/wp-data.php

    xlm40.dropper

    https://statedauto.com/wp-data.php

Targets

    • Target

      b5c6efb7aee82fcc0d2e60b31e339d14

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
