General

  • Target

    7563569b2c5bfe5126ef2970e72e0f70f1c6afbff771c399f1d66ce22cdd6dc0

  • Size

    67KB

  • Sample

    241119-ydwjpawlcj

  • MD5

    741131c307b34deb0610f69f7f478500

  • SHA1

    0ef4db6a3b266064dbae5e90bcb7ba764d69afc7

  • SHA256

    7563569b2c5bfe5126ef2970e72e0f70f1c6afbff771c399f1d66ce22cdd6dc0

  • SHA512

    13dfa544dc9410ac8d1c742af3563b08440a7b21ac88f209e258bd641b7c6e4ab7c7b9d4bda7332330cde6b9bf39506dad0868cc6fe69fa53b7794d6c0f8cee8

  • SSDEEP

    1536:nVKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+u9s1a6YG2jzQ0viPvDNHhGtw:VKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMY

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper
    https://www.melisetotoaksesuar.com/catalog/controller/account/dqfKI/

    xlm40.dropper
    http://elamurray.com/athletics-carnival-2018/3UTZYr9D9f/

    xlm40.dropper
    http://masyuk.com/581voyze/MlX/

    xlm40.dropper
    http://jr-software-web.net/aaabackupsqldb/11hYk3bHJ/

Targets

    • Target

      7563569b2c5bfe5126ef2970e72e0f70f1c6afbff771c399f1d66ce22cdd6dc0

    • Size

      67KB

    • MD5

      741131c307b34deb0610f69f7f478500

    • SHA1

      0ef4db6a3b266064dbae5e90bcb7ba764d69afc7

    • SHA256

      7563569b2c5bfe5126ef2970e72e0f70f1c6afbff771c399f1d66ce22cdd6dc0

    • SHA512

      13dfa544dc9410ac8d1c742af3563b08440a7b21ac88f209e258bd641b7c6e4ab7c7b9d4bda7332330cde6b9bf39506dad0868cc6fe69fa53b7794d6c0f8cee8

    • SSDEEP

      1536:nVKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+u9s1a6YG2jzQ0viPvDNHhGtw:VKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMY

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks