Overview

overview

10

Static

static

8

346a4b249e...b1.xls

windows7-x64

10

346a4b249e...b1.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    346a4b249e6125c08285921b233c9abf1af8cca62455701eb0173e0a15ae36b1

  • Size

    47KB

  • Sample

    241120-nc9ptawlb1

  • MD5

    79c0a776b114507c2e8b3be432ccacc8

  • SHA1

    1cfa135ae1e491289e597e27f8e59a7020661ab2

  • SHA256

    346a4b249e6125c08285921b233c9abf1af8cca62455701eb0173e0a15ae36b1

  • SHA512

    6e435d7a0cf18d2d0b6feace0ae7957ac90d7b25dc78a4d712446570cbeb09eff0a2866dda80e2a35bd5b9527f7d123472671fafc755a125ad95a775599c25ea

  • SSDEEP

    768:yDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JOiX6DGwUk7qHDSEuRZjiBp5H:y62tfQXi8vgLZkTOHkQT51Vp6AwPe8gV

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://eleselektromekanik.com/69Iq5Pwbd0/s/
xlm40.dropper

https://demo.icn.com.np/stories/Qk/
xlm40.dropper

http://demo34.ckg.hk/service/Atk7RQfUV673M/
xlm40.dropper

https://bitmovil.mx/css/TrgyPiTXy3/
xlm40.dropper

http://dupot.cz/tvhost/DUnMUvwZOhQs/
xlm40.dropper

http://focanainternet.com.br/erros/DepAK3p1Y/

Targets

    • Target

      346a4b249e6125c08285921b233c9abf1af8cca62455701eb0173e0a15ae36b1

    • Size

      47KB

    • MD5

      79c0a776b114507c2e8b3be432ccacc8

    • SHA1

      1cfa135ae1e491289e597e27f8e59a7020661ab2

    • SHA256

      346a4b249e6125c08285921b233c9abf1af8cca62455701eb0173e0a15ae36b1

    • SHA512

      6e435d7a0cf18d2d0b6feace0ae7957ac90d7b25dc78a4d712446570cbeb09eff0a2866dda80e2a35bd5b9527f7d123472671fafc755a125ad95a775599c25ea

    • SSDEEP

      768:yDM52tfQXi8vgLZkTOHkQT51Vp6AwPdM8gQ6JOiX6DGwUk7qHDSEuRZjiBp5H:y62tfQXi8vgLZkTOHkQT51Vp6AwPe8gV

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks