General

  • Target

    73ff76b45106cd98edabf412d086f2f6f9a60579c0e2546aa2e9264280fadcf3

  • Size

    37KB

  • Sample

    241119-wb9x7azdjr

  • MD5

    dd3d9903f4bc68de97928de632fd8499

  • SHA1

    35d3e2f220d72b25da5e7941ed6e38a267cf6b9d

  • SHA256

    73ff76b45106cd98edabf412d086f2f6f9a60579c0e2546aa2e9264280fadcf3

  • SHA512

    7b1e8a124281e3e733ee87ca289e36b2c4f73865a4f2a066f7dd6e3a43f20abfcda935d25261bc2e9133a3ea3463423508391b8d0c1cbbbfc3a52cf9590f6818

  • SSDEEP

    768:oP2/Mvd5dhTRdixmxE7l0VGpevZCw4QvmUxjfC30+kS4QyoX0Vyuvcc:oP2md5ZymxE7WRXYk4pEVyux

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://sp.mongoso.com/wp-content/pFP2GJ7/

xlm40.dropper

https://thetrendskill.com/wp-content/qDxBsanOsoImjuE5p8kCUI/

xlm40.dropper

http://houseofgiving.org/vu351/s5R18Bad10PT9XI6CSrcZ/%20

Targets

    • Target

      73ff76b45106cd98edabf412d086f2f6f9a60579c0e2546aa2e9264280fadcf3

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
