General

  • Target

    a964cf185f84f6b3a71317a5a98d97500dd8d8ba62de281dd2fc468c37a33e82

  • Size

    70KB

  • Sample

    241120-pw52eawgnh

  • MD5

    7d3fccce6c25a8db6579065552df05ea

  • SHA1

    594d6c80f1eeff4c8794ae690f79335d1b292124

  • SHA256

    a964cf185f84f6b3a71317a5a98d97500dd8d8ba62de281dd2fc468c37a33e82

  • SHA512

    5bb63e6921e707da71246c4d432d492c7c9f88699623c6997864663db0d93fd37e1116b94226e502a0b5ca4ff807c3e59375a36adca1c6ecc3a70cba6c29eca3

  • SSDEEP

    1536:OhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+e+hDcnTLiQrRTZws8Eg0:uKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMh

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    URLs

  • xlm40.dropper

    https://strachanclark.com/images/3gc4qCpSFYbBMDEC/

  • xlm40.dropper

    https://synapse-archive.com/images/bKaMr/

  • xlm40.dropper

    https://sumuvesa.com/wp-includes/rgL/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks