General

  • Target

    f354b73f8696c401171ba3e75b9a771ace73c34a24088b05abafefdfb77c04a8

  • Size

    77KB

  • Sample

    241120-2sp71avdjh

  • MD5

    092c3315ec4ba8739afa849dc02a0d17

  • SHA1

    082cdf2623237670c697ba6e43347aadb36ff2cc

  • SHA256

    f354b73f8696c401171ba3e75b9a771ace73c34a24088b05abafefdfb77c04a8

  • SHA512

    465d2a5d7a861aa63f5135a1db80e4dc3a66282009ba5e3d83729e663eca02723b93e42aa21dc912b987c30053fb1e0c494e3c9278fbbdca4d0ef0ebea036ad3

  • SSDEEP

    1536:ASKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgW2+hD8nTLqQrRrZws8ErU:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg0

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper: https://trusttransport-eg.com/wp-admin/rphDfzbs/

    xlm40.dropper: https://thuexevanphong.com/wp-content/F6JRN/

    xlm40.dropper: http://thisiselizabethj.com/wp-content/qeg16EZwSZy2/

Targets

    • Target

      f354b73f8696c401171ba3e75b9a771ace73c34a24088b05abafefdfb77c04a8

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
