Overview

overview

10

Static

static

8

200c0964d4...95.xls

windows7-x64

10

200c0964d4...95.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    200c0964d40521e91717d00dba2bc2db6a7473e97fdc58cb0f51e03d4f0d4595

  • Size

    95KB

  • Sample

    241120-t9hv9azgjm

  • MD5

    c9e2590a8384aa028fdda61ed985beb3

  • SHA1

    ca1643f9cd88009ee800330f96c8c372827014d4

  • SHA256

    200c0964d40521e91717d00dba2bc2db6a7473e97fdc58cb0f51e03d4f0d4595

  • SHA512

    edec7b81e5a89b0215fc6486ecf255c6ef42ffef075b8c7970e8e960f4159cc277fd151bdc13debeec001295621d061565b4e821ffb76743ad54833a5349f147

  • SSDEEP

    1536:iFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgYHuS4hcTO97v7UYdEJmFh2:cKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgE

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://educacionsanvicentefundacion.com/iplookup/wYEInbaN/
xlm40.dropper

https://www.4monkeys.com/wp-admin/dNAuBEKo/
xlm40.dropper

http://haircutbar.com/cgi-bin/dNfEA5F/
xlm40.dropper

http://gedebey-tvradio.info/wp-includes/T0J9THbd5f2/

Targets

    • Target

      200c0964d40521e91717d00dba2bc2db6a7473e97fdc58cb0f51e03d4f0d4595

    • Size

      95KB

    • MD5

      c9e2590a8384aa028fdda61ed985beb3

    • SHA1

      ca1643f9cd88009ee800330f96c8c372827014d4

    • SHA256

      200c0964d40521e91717d00dba2bc2db6a7473e97fdc58cb0f51e03d4f0d4595

    • SHA512

      edec7b81e5a89b0215fc6486ecf255c6ef42ffef075b8c7970e8e960f4159cc277fd151bdc13debeec001295621d061565b4e821ffb76743ad54833a5349f147

    • SSDEEP

      1536:iFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgYHuS4hcTO97v7UYdEJmFh2:cKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgE

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks