General

  • Target

    d2ece286a2ca2405bbd07639c4cd74971bde93307ecacff01dc8ee7f4ec9e7cc

  • Size

    96KB

  • Sample

    241120-k6tnxavajb

  • MD5

    0d3d2dbf0f673e5b5fdd426f64d41034

  • SHA1

    c79d2cc2d3bfd1df1e66e3aaa5740213d30fe06a

  • SHA256

    d2ece286a2ca2405bbd07639c4cd74971bde93307ecacff01dc8ee7f4ec9e7cc

  • SHA512

    26397ec94ad9a937a331979a2305dc8fab5184daaba64ea017063a25827ea5d1343a1f60d0125008522b96c19f4f085e279bf2192ce993251a6528bc0b742d70

  • SSDEEP

    1536:WkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgEHuS4hcTO97v7UYdEJma7:JKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgc

Score
10/10

Malware Config

Extracted

Language
xlm4.0

Source
xlm40.dropper

URLs

https://bpsjambi.id/about/CcN5IbuInPQ/

https://greenlizard.co.za/amanah/pu8xeUOpqqq/

https://akuntansi.itny.ac.id/asset/NH7qwRrn81Taa0VVqpx/

https://www.yell.ge/nav_logo/x960wo3PHaIUm/

Targets

    • Target

      d2ece286a2ca2405bbd07639c4cd74971bde93307ecacff01dc8ee7f4ec9e7cc

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks