General

  • Target

    e978e6de3ac8e28cca2b335185a88df82a168e5fe79fd68683191f0e0804e61b

  • Size

    248KB

  • Sample

    241120-2zf8nswdjl

  • MD5

    01e3b32ddafcc348a275b4c4c5f40505

  • SHA1

    ca82e8dc242762ff5b89f78f2d4fa33202a21a68

  • SHA256

    e978e6de3ac8e28cca2b335185a88df82a168e5fe79fd68683191f0e0804e61b

  • SHA512

    acc5864ba0016fdd2da3a19d7c4640a31954d6d6dc25424d12001aac8bf94e22691b5131c8ba12f8ad8fe8053cae5f8f1ad18073931518c6a6a68409e3f5bc5a

  • SSDEEP

    6144:EKpbdrHYrMue8q7QPX+5xtFEdi8/dgUThvsiKIjvl5fd1Xh8rsoX/w/09:UhEXs5fXR8rsNQ

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper  https://dalgahavuzu.com/pwkfky/LF0WU/
    xlm40.dropper  https://dolphinsupremehavuzrobotu.com/yrrct/QcbxhqCQ/
    xlm40.dropper  https://sandiegoinsuranceagents.com/cgi-bin/XK1VSXZddLdN/
    xlm40.dropper  https://kinetekturk.com/e2ea69p/9U52O7jTobF8J/
    xlm40.dropper  https://isguvenligiburada.com/xcg/uZSU/

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper  https://dalgahavuzu.com/pwkfky/LF0WU/
    xlm40.dropper  https://dolphinsupremehavuzrobotu.com/yrrct/QcbxhqCQ/
    xlm40.dropper  https://sandiegoinsuranceagents.com/cgi-bin/XK1VSXZddLdN/

Targets

    • Target

      e978e6de3ac8e28cca2b335185a88df82a168e5fe79fd68683191f0e0804e61b

    • Size

      248KB

    • MD5

      01e3b32ddafcc348a275b4c4c5f40505

    • SHA1

      ca82e8dc242762ff5b89f78f2d4fa33202a21a68

    • SHA256

      e978e6de3ac8e28cca2b335185a88df82a168e5fe79fd68683191f0e0804e61b

    • SHA512

      acc5864ba0016fdd2da3a19d7c4640a31954d6d6dc25424d12001aac8bf94e22691b5131c8ba12f8ad8fe8053cae5f8f1ad18073931518c6a6a68409e3f5bc5a

    • SSDEEP

      6144:EKpbdrHYrMue8q7QPX+5xtFEdi8/dgUThvsiKIjvl5fd1Xh8rsoX/w/09:UhEXs5fXR8rsNQ

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks