Overview

overview

10

Static

static

8

c120b7f988...fa.xls

windows7-x64

10

c120b7f988...fa.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c120b7f98807fe6daf3b8b66d997608b50d5251ebc14f7be00437e98e1ea7cfa

  • Size

    243KB

  • Sample

    241120-nr9ncswbrh

  • MD5

    ff65c7417fa249719b62fbdac349a53b

  • SHA1

    ffec93eb75d7efb944d4f875753a9ded26f354af

  • SHA256

    c120b7f98807fe6daf3b8b66d997608b50d5251ebc14f7be00437e98e1ea7cfa

  • SHA512

    ea4087517eadafc3f89a3578376224451339e4f010fa19ca0d97d54508045d73e8ba47e5ac31bfcc964e13494fd69362ff63910321a8dae6c908422cc39a252c

  • SSDEEP

    6144:DKpbdrHYrMue8q7QPX+5xtFEdi8/dg/ThvsiKIjvl5fd1Xh8rsoX/w/0Y:ghEXs5fXR8rsNT

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://servidorcarlosydavid.es/wp-admin/jkNPgHxNjF/
xlm40.dropper

https://gmo-sol-p10.heteml.jp/includes/UoJMgYAc1EES/
xlm40.dropper

https://iashanghai.cn/z/Z1PG6ulBh20plss/
xlm40.dropper

https://www.pasionportufuturo.pe/wp-content/HkUfvw0xuCy5/
xlm40.dropper

http://dmdagents.com.au/vqwbgz/CL4Bo4C4VS0deg/

Targets

    • Target

      c120b7f98807fe6daf3b8b66d997608b50d5251ebc14f7be00437e98e1ea7cfa

    • Size

      243KB

    • MD5

      ff65c7417fa249719b62fbdac349a53b

    • SHA1

      ffec93eb75d7efb944d4f875753a9ded26f354af

    • SHA256

      c120b7f98807fe6daf3b8b66d997608b50d5251ebc14f7be00437e98e1ea7cfa

    • SHA512

      ea4087517eadafc3f89a3578376224451339e4f010fa19ca0d97d54508045d73e8ba47e5ac31bfcc964e13494fd69362ff63910321a8dae6c908422cc39a252c

    • SSDEEP

      6144:DKpbdrHYrMue8q7QPX+5xtFEdi8/dg/ThvsiKIjvl5fd1Xh8rsoX/w/0Y:ghEXs5fXR8rsNT

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks