General

  • Target

    417115d3338ded571f81b84680dcc25446114049372be007c17a5c578390f6e4

  • Size

    80KB

  • Sample

    241120-sz453aynft

  • MD5

    b2446bcd29c0d2eb9a58a626b4c63ddb

  • SHA1

    e3340a35313aeb36ac88181901e70ac2d75a73ef

  • SHA256

    417115d3338ded571f81b84680dcc25446114049372be007c17a5c578390f6e4

  • SHA512

    122ca3518a66b49bb457a05cd3cd470e18e1c73c14fd114e9307e4be4d36f365b9ecf6b4974a41b9f19dbd987b7da0f4519da81e693bf9e6928492091fd80a01

  • SSDEEP

    1536:ROOKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgFQHuS4VcTO9/r7UYdEJeF6:RBKpb8rGYrMPe3q7Q0XV5xtezEsi8/dX

Score
10/10

Malware Config

Extracted

Language
xlm4.0

Source
xlm40.dropper

URLs

  • http://beeslandkerman.ir/XPFvBDrNkT/lUkOx4VAOizId7u/

  • http://cerdi.com/_derived/J4Fu7VmGZQ7rGA/

  • https://www.chasingmavericks.co.ke/agendaafrikadebates.co.ke/QznOFMKV9R/

  • http://bsbmakina.com.tr/logo/eVWaAWm/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15