General

  • Target

    681d0986756410c466a2984772af3ac606b1052e4ab1888bf405fb4f80946367

  • Size

    91KB

  • Sample

    241120-v5cn4szpey

  • MD5

    96011f4e08873f93a329299e2bc6dc7f

  • SHA1

    d3b96baa9c1e202e78369d0ad0936aa0ad2704f1

  • SHA256

    681d0986756410c466a2984772af3ac606b1052e4ab1888bf405fb4f80946367

  • SHA512

    dbf95032c9277a913853dcb77d6845d7e7b49081be97924a95db5d8d265dad5aa4f14168eda1a92f815d459622203149dd6452caf75e2982fe144bbf06fed0b3

  • SSDEEP

    1536:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgCbCXuZH4gb4CEn9J4ZiL5:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgp

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source URLs

    xlm40.dropper    http://helpeve.com/wp-admin/sOdeuF1c4DV2h/
    xlm40.dropper    http://christplanet.com/wp-admin/maint/mtlsi/TxsAE7TAAb/
    xlm40.dropper    http://www.chawkyfrenn.com/icon/LRWYSefRL7/
    xlm40.dropper    http://chist.com/dir-/N5zALqqTmf/

Targets

    • Target

      681d0986756410c466a2984772af3ac606b1052e4ab1888bf405fb4f80946367


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
