General

  • Target

    36eb7eacf7be5a35935073d30e277a00b7cc4879b248587f62c3bcaa448bf147

  • Size

    56KB

  • Sample

    241120-2ed8ksvame

  • MD5

    c0940c4357725c628c9c73b9c48e8c42

  • SHA1

    79f1f61e9cc3a7fb17db987a445ce120c384af7c

  • SHA256

    36eb7eacf7be5a35935073d30e277a00b7cc4879b248587f62c3bcaa448bf147

  • SHA512

    46a6216bfc597e643b5a9c7c8ba735c70e94de48a41c04ab83b0e6a8d1323ec2a380909493608a75a34e54d1d1895113aa50407463fac3960f25fd2d8021a7b0

  • SSDEEP

    1536:VsKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgx5G9XSZ4XsvW:aKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgq

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://dharian.org/_sharedtemplates/D3QgytUZsO7korYQrG/

xlm40.dropper

http://digitalripple.com/scripts/4ovLPfq/

Targets

    • Target

      36eb7eacf7be5a35935073d30e277a00b7cc4879b248587f62c3bcaa448bf147

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
