General

  • Target

    db7543af0f90bc550cff477d4e0cabe83fd85018e95e8cf9eff07c4c2f13f728

  • Size

    95KB

  • Sample

    241120-n9p2ns1lej

  • MD5

    730c75ba5b38bc2a6e8461a83bcc3ad1

  • SHA1

    32a478bd84b794f0faca5844698ace12d21d8799

  • SHA256

    db7543af0f90bc550cff477d4e0cabe83fd85018e95e8cf9eff07c4c2f13f728

  • SHA512

    f8855cb25967fef4fd47215558d89c4e1ef053cf85681ce00cd8689c4b2e747b63de99d3ac8e29e6bc734bb1bf69a7b5132c4407a025694b5843a3c54e3fbf81

  • SSDEEP

    1536:PFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgPHuS4hcTO97v7UYdEJmXNvE:tKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgV

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs (all four from the xlm40.dropper config)

    https://aysbody.com/catalog/Oax5/

    http://www.garantihaliyikama.com/wp-admin/QVvdNIasGj/

    https://yoymanajemen.id/wp-content/khXBxIm5/

    https://dawtona.dev.goldensystem.pl/wp-admin/EX05554XhKk3ee2cQ/
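The extracted URLs are the actionable part of this report. The script below is an added example (not code from the sandbox or from this page) that turns the four xlm40.dropper URLs into defanged indicators and matches them against constructed proxy-log lines. One caveat a responder will want: the paths under wp-admin/ and wp-content/ are consistent with compromised, otherwise legitimate WordPress sites (an inference, not something the report states), so a host-only match is weaker evidence than a full URL match, and blocking the whole domain can have collateral impact. The log lines and the classify/scan_log helpers are constructed for this example.

```python
from __future__ import annotations

from typing import Optional
from urllib.parse import urlsplit

# The four xlm40.dropper URLs listed in the extracted config above.
DROPPER_URLS = [
    "https://aysbody.com/catalog/Oax5/",
    "http://www.garantihaliyikama.com/wp-admin/QVvdNIasGj/",
    "https://yoymanajemen.id/wp-content/khXBxIm5/",
    "https://dawtona.dev.goldensystem.pl/wp-admin/EX05554XhKk3ee2cQ/",
]


def normalize(url: str) -> tuple[str, str]:
    """Return (host, path) with the host lower-cased and the path kept
    case-sensitive: 'WWW.Example.COM/Abc/' equals 'www.example.com/Abc/',
    but '/abc/' does not equal '/Abc/' (the dropper paths are mixed case)."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    return host, path


# Indicator sets built once from the config.
DROPPER_PATHS = {normalize(u) for u in DROPPER_URLS}
DROPPER_HOSTS = {host for host, _ in DROPPER_PATHS}


def defang(url: str) -> str:
    """Rewrite a live URL so it cannot be clicked by accident in a ticket
    or chat: http -> hxxp, and every dot in the host becomes [.]"""
    parts = urlsplit(url)
    scheme = parts.scheme.replace("http", "hxxp")
    netloc = parts.netloc.replace(".", "[.]")
    tail = parts.path
    if parts.query:
        tail += "?" + parts.query
    return f"{scheme}://{netloc}{tail}"


def classify(url: str) -> Optional[str]:
    """Match an observed URL (for example from a proxy log) against the config.
    'url'  : exact host+path hit, i.e. the payload location itself
    'host' : same host, different path (weaker; likely a compromised site)
    None   : no match"""
    host, path = normalize(url)
    if (host, path) in DROPPER_PATHS:
        return "url"
    if host in DROPPER_HOSTS:
        return "host"
    return None


def scan_log(lines: list[str]) -> list[tuple[str, str]]:
    """Run classify() over log lines shaped '<timestamp> <client-ip> <url>'
    (a constructed format) and return (verdict, defanged_url) for each hit."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue
        verdict = classify(fields[2])
        if verdict:
            hits.append((verdict, defang(fields[2])))
    return hits


# Constructed sample log lines; these are not traffic from the sandbox run.
SAMPLE_PROXY_LOG = [
    "2024-11-20T10:01:02Z 10.0.0.21 https://aysbody.com/catalog/Oax5/",
    "2024-11-20T10:01:05Z 10.0.0.21 http://WWW.garantihaliyikama.com/wp-admin/QVvdNIasGj/",
    "2024-11-20T10:02:11Z 10.0.0.35 https://yoymanajemen.id/",
    "2024-11-20T10:03:40Z 10.0.0.35 https://example.com/updates/",
]

if __name__ == "__main__":
    for verdict, url in scan_log(SAMPLE_PROXY_LOG):
        print(f"{verdict:5} {url}")
```

Host matching is deliberately case-insensitive while path matching is not: the random-looking directory names in the config are the part that distinguishes the dropper payload from the rest of a compromised site, so they should be compared exactly.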

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
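The signature above fires on a parent/child relationship. As an added example (not the sandbox's own rule and not the process tree of this sample), the script below applies the same idea to process-creation events shaped like Sysmon Event ID 1 fields: an Office host process spawning anything outside a small allowlist is flagged. The assumption that EXCEL.EXE is the parent of interest follows from the xlm4.0 (Excel 4.0 macro) language in the extracted config; the events, the OFFICE_PARENTS and EXPECTED_CHILDREN sets, and the find_unexpected_children helper are all constructed for this example.

```python
from __future__ import annotations

# Office host processes whose children deserve scrutiny. Assumption: for an
# Excel 4.0 macro dropper the parent is EXCEL.EXE, but the rule is the same
# for the other Office applications.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Children Office legitimately spawns in many environments; tune per estate.
# splwow64.exe is the print-spooler helper Office launches when printing.
EXPECTED_CHILDREN = {"splwow64.exe"}


def basename(image_path: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return image_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_unexpected_children(events: list[dict]) -> list[dict]:
    """Apply the 'Office parent spawned an unexpected child' rule to
    process-creation events carrying ParentImage, Image and CommandLine.
    Returns one record per offending event."""
    hits = []
    for ev in events:
        parent = basename(ev.get("ParentImage", ""))
        child = basename(ev.get("Image", ""))
        if parent in OFFICE_PARENTS and child not in EXPECTED_CHILDREN:
            hits.append({"parent": parent, "child": child,
                         "cmd": ev.get("CommandLine", "")})
    return hits


# Constructed process-creation events for illustration; they are not the
# sandbox's actual process tree for this sample.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s C:\Users\Public\x.ocx"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": "splwow64.exe 8192"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -w hidden -enc QQBBAA=="},
]

if __name__ == "__main__":
    for hit in find_unexpected_children(SAMPLE_EVENTS):
        print(f"ALERT {hit['parent']} -> {hit['child']}: {hit['cmd']}")
```

Two practical notes. The allowlist is environment-specific: baseline what Office spawns in your estate before enabling this as a blocking rule, otherwise printing and add-in helpers will generate noise. And a child-process signature is not a complete detection for Excel 4.0 macros, which can call DLL exports directly through REGISTER/CALL and run code without ever creating a child process; pair it with macro-content inspection or blocking of XLM macros where policy allows.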

MITRE ATT&CK Enterprise v15
