General

  • Target: 092be951b9dbf2570007e436721605f9f14df729a4c79ec1ef78957d457338ed
  • Size: 40KB
  • Sample: 241120-3a1fpaweqp
  • MD5: 4fb368b6a2d81e1af7649d465450f72f
  • SHA1: 19cede61f4bb394142ce718361ddf20b40e35b06
  • SHA256: 092be951b9dbf2570007e436721605f9f14df729a4c79ec1ef78957d457338ed
  • SHA512: b91999c96529fc66584b24f12f5aa28e216cfa45d24c0e7c31237a4a6af7a67ba1f01b816121d136abc808f48fa75d3d1de534dfe9b30c901d0894a362924d11
  • SSDEEP: 768:pkZKpb8rGYrMPe3q7Q0XV5xtezEs/68/dgAdCBn9kC+xbqc6q+otrvEVLcAg:p+Kpb8rGYrMPe3q7Q0XV5xtezEsi8/dZ

Score
10/10

Malware Config

Extracted

  • Language: xlm4.0
  • Source: xlm40.dropper
  • URLs:
    https://www.itesmeitic.com/term/IFjx5ElE0ldr8wDDHjub/
    https://www.ingonherbal.com/application/PhEbceg4Tx/
    http://ftp.colibriconstruction.net/cc/KHieqeOsagkmlGIuXc56/
    http://commune-ariana.tn/sites/3BvaCmo/
    http://dmaicinnovations.com/Swift-5.0.2/jEtePB/
    https://drcreative.cz/images/DwThyQntyImCHk0tpba/


Targets
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
