General

  • Target

    ea45d2ea2bd8b6fcbb4985ae31988003da216e498d4f71641c5191a6425db902

  • Size

    60KB

  • Sample

    241120-v7prfsvlgn

  • MD5

    fadcaad3f5c756fd40c1408359f7b632

  • SHA1

    71407d3485eb44222925177a1f0358361384063d

  • SHA256

    ea45d2ea2bd8b6fcbb4985ae31988003da216e498d4f71641c5191a6425db902

  • SHA512

    b14c7e0ae1b03ea50911d954fc034578141e0bcb56f993e33a496f2fac27c52b5ee970d24a65d03266b7292be968bae54db7ba913b463381194ea4879625288c

  • SSDEEP

    1536:NpKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgUDOJiA6Cv/UGLI36yOAR5N:rKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgw

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://www.valyval.com/pun/VAYL/

xlm40.dropper

http://cabans.com/CeudWYRQEzZgrHPcI/

xlm40.dropper

http://calzadoyuyin.com/cgj-bin/jZPff/

xlm40.dropper

http://cagranus.com/slide/mcqAFuMhaekn/

Targets

    • Target

      ea45d2ea2bd8b6fcbb4985ae31988003da216e498d4f71641c5191a6425db902

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
