General

  • Target

    eccbf3a26af7b9ab2f772f17b1a69311b369c98af8beb0aa53b330b04123952f

  • Size

    56KB

  • Sample

    241120-2p6qksvcpg

  • MD5

    6a2ccbb1f2307a9600f0adfc343246ff

  • SHA1

    d968a7f7b4d37b4e74740a4879986194a3acd9b2

  • SHA256

    eccbf3a26af7b9ab2f772f17b1a69311b369c98af8beb0aa53b330b04123952f

  • SHA512

    8fa07b2727a29557c8aad0858d1875157e505739265ece08863a9ac283db0a0d432130a1d5268acc03a7ba92689a1c896e48a1ba16e76d6b81a9d05378fb90dc

  • SSDEEP

    1536:VsKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgx5G9XSZ4Xsv2:aKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgK

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper: http://dharian.org/_sharedtemplates/D3QgytUZsO7korYQrG/

    xlm40.dropper: http://digitalripple.com/scripts/4ovLPfq/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
