Overview

overview

10

Static

static

8

dc0a20d26e...00.xls

windows7-x64

10

dc0a20d26e...00.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dc0a20d26e10cc3f56ba9fde2152fcd3c36bc68151df21e81c8042c7bbc66000

  • Size

    96KB

  • Sample

    241119-xghassvmhr

  • MD5

    8dd80b68cd829c38fc8eab33a00e45af

  • SHA1

    1cbc4d4e39007a0da1840cd61b625a8ec4feab3c

  • SHA256

    dc0a20d26e10cc3f56ba9fde2152fcd3c36bc68151df21e81c8042c7bbc66000

  • SHA512

    a72431c2d4e5e82aaaa2fe2bcbd0cc41bc2ac0085400c771c993845b84eab11609a56f9485bf4ab994500603632b1b4cb733c40ecba6ceffb097c00e24304d7b

  • SSDEEP

    1536:WkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgNHuS4hcTO97v7UYdEJmOuB:JKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgU

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://aysbody.com/catalog/fKIbKAcI81pVn/
xlm40.dropper

http://www.birebiregitim.net/wp-includes/mpaZ6zBj3IAJcx/
xlm40.dropper

http://fashionbyprincessmelodicaah.com/4185PINT/79YtAbiNx92iI/
xlm40.dropper

https://pccurico.cl/wp-admin/x3kyR3u8ARXStL7/

Targets

    • Target

      dc0a20d26e10cc3f56ba9fde2152fcd3c36bc68151df21e81c8042c7bbc66000

    • Size

      96KB

    • MD5

      8dd80b68cd829c38fc8eab33a00e45af

    • SHA1

      1cbc4d4e39007a0da1840cd61b625a8ec4feab3c

    • SHA256

      dc0a20d26e10cc3f56ba9fde2152fcd3c36bc68151df21e81c8042c7bbc66000

    • SHA512

      a72431c2d4e5e82aaaa2fe2bcbd0cc41bc2ac0085400c771c993845b84eab11609a56f9485bf4ab994500603632b1b4cb733c40ecba6ceffb097c00e24304d7b

    • SSDEEP

      1536:WkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgNHuS4hcTO97v7UYdEJmOuB:JKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgU

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks