General

  • Target: 3c1aea9f7c029c6d1560af5cbd680746b4b99382001485732f28bc770611b103
  • Size: 67KB
  • Sample: 241120-2kplhavbng
  • MD5: 4ca50d67a7178b9c58cdb91b5bff281d
  • SHA1: 47961da73c3aaf70d910251ef4ec507765f59190
  • SHA256: 3c1aea9f7c029c6d1560af5cbd680746b4b99382001485732f28bc770611b103
  • SHA512: c2dca9a8ddcf339f0d08ce8e4d8c0b102a2fac44e9d6983058db343ad169f8e509dec4d7512fb767ae15afaa9dedec18cc8c657d34304b86519b4e327fcb9b7e
  • SSDEEP: 1536:nVKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+u9s1a6YG2jzQ0viPvDNHhGtg:VKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMI

Score
10/10

Malware Config

Extracted

Language: xlm4.0
Source: URLs

  • xlm40.dropper: https://www.melisetotoaksesuar.com/catalog/controller/account/dqfKI/
  • xlm40.dropper: http://elamurray.com/athletics-carnival-2018/3UTZYr9D9f/
  • xlm40.dropper: http://masyuk.com/581voyze/MlX/
  • xlm40.dropper: http://jr-software-web.net/aaabackupsqldb/11hYk3bHJ/

Targets

  • Target: 3c1aea9f7c029c6d1560af5cbd680746b4b99382001485732f28bc770611b103 (hashes as listed under General above)

  Score: 10/10

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15