General

  • Target

    0a9aac9f55670caedfe33e20159a8baeda581dc3f62f86a2e547d7b4017e9cfc

  • Size

    60KB

  • Sample

    241120-1mmz1stdrf

  • MD5

    fd591f11cd0357fa1553a6f2f6898058

  • SHA1

    90ac34be36685b69a00d1fb517b0c263fedc455a

  • SHA256

    0a9aac9f55670caedfe33e20159a8baeda581dc3f62f86a2e547d7b4017e9cfc

  • SHA512

    aace4e1f1ab1f0f1c5afe943ba27bbef6675c9dfe7106b9e6dc8e0095a8a35fdc8873deabdc308af839f36703114ff00425b7b6eac37eca81093d2ce110cb62a

  • SSDEEP

    768:hXTJ1WeFGk/HmC5+abzpB+tqnciAyBsPb8P+3nIZ3I9x8q/xV850v49xsx0Vv3Oj:hXtXH59/hcQOU+XIZ3Sxa0vMax0VPO6w

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://filecabinet.digitalechoes.co.uk/wp-admin/NC/

Targets

    • Target

      MedWin.xls

    • Size

      104KB

    • MD5

      9f2a3f3ff7c400069f011102ba88560f

    • SHA1

      7cd0d84516db5b598549df82f4a427dd32cd3e1d

    • SHA256

      f79f56d7a2467d6f73e634be22ac623ee658aa9778b34f23913f9749a2fdd26c

    • SHA512

      80dc9955db7fd513db41d05f33ae4a2b713029a649d71ae01d2f1486d12af2a604525e920cd7ab22002b83833aa4322e16eca16dceffaacc0dd25569bf77f46c

    • SSDEEP

      3072:yWKpbdrHYrMue8q7QPX+5xtekEdi8/dgeJ0depMHwGGqd4Mk:nKpbdrHYrMue8q7QPX+5xtFEdi8/dgeN

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
