General

  • Target: d7bea6635d25b646a1cc0526b75a840f67a3f38a478e7eb4f26133d52e10da5a
  • Size: 77KB
  • Sample: 241120-qey27s1raj
  • MD5: 0d813d474d5a5aac6d95f69b40eda726
  • SHA1: 0a4bf9af5ddb63618afd4ed0d2e95bb989af764e
  • SHA256: d7bea6635d25b646a1cc0526b75a840f67a3f38a478e7eb4f26133d52e10da5a
  • SHA512: 22a30a9b5662853a4ccf7d12e52cc13992aec78dc3586d9ef272d12c3f7970d25759709a1b25b2c8f1ab493a2a7fade54fb6ca830093b5821aa7070f65bf10de
  • SSDEEP: 1536:ASKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgW2+hD8nTLqQrRrZws8Er0:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgU

Score: 10/10

Malware Config

Extracted

  Language: xlm4.0

  Source          URLs
  xlm40.dropper   https://trusttransport-eg.com/wp-admin/rphDfzbs/
  xlm40.dropper   https://thuexevanphong.com/wp-content/F6JRN/
  xlm40.dropper   http://thisiselizabethj.com/wp-content/qeg16EZwSZy2/

Targets

    • Target: d7bea6635d25b646a1cc0526b75a840f67a3f38a478e7eb4f26133d52e10da5a

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15