General

  • Target

    c0be5cb258ef34798c2458ac5713f4fd3ff39f456522abba97b02776d0955e37

  • Size

    96KB

  • Sample

    241120-31w6ys1jhm

  • MD5

    120abfcf7ef81f32f7b5f41328ac73e6

  • SHA1

    cc6bf59d72fc9190d4b2b59fa07b87edec0ec330

  • SHA256

    c0be5cb258ef34798c2458ac5713f4fd3ff39f456522abba97b02776d0955e37

  • SHA512

    9310dd9b8f42d9cb062e881c95b8a234154b6a71d40e2e510e60797d5305e3faa6de849f28b4070a7e1b166997d9c05bf0e2d5b83b67a9592c2a3e9aeb97e3ea

  • SSDEEP

    1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4jHuS4hcTO97v7UYdEJm39:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgF

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://fisika.mipa.uns.ac.id/reseller/img/nRAvAgoY8Y/

xlm40.dropper

http://greycoconut.com/edm/71qUA/

xlm40.dropper

http://zonainformatica.es/tienda/XCHJmidSYTkE/

xlm40.dropper

http://balletmagazine.ro/wp-content/9VrMPV/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
