General

  • Target

    e12ad8bbc61d27c333b840dada0822d4a90b5271826e0717d54e68974d91fdf7

  • Size

    101KB

  • Sample

    241120-wmmxssvpbk

  • MD5

    a020169f88c2a27b9b70f3f0a427ac2c

  • SHA1

    896e2d0ef6f311f907bfb48ec59c5eedbc654e61

  • SHA256

    e12ad8bbc61d27c333b840dada0822d4a90b5271826e0717d54e68974d91fdf7

  • SHA512

    06905929abb50f58124049b026a534413c855da8953fac50fddb06834d19c85fccb5fb39f98acb74c73b329d5e9b0fa0917e9e0eaa7e2839746bba52adeaffbc

  • SSDEEP

    3072:+Kpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+MbOBzbq0f6RlD9fxW8s8Oc:+Kpb8rGYrMPe3q7Q0XV5xtuE8vG8UM+Q

Score
10/10

Malware Config

Extracted

Language: xlm4.0
Source: URLs

  • xlm40.dropper: http://dlfreight.com/wp-includes/zLuZdtVkoriGTaRE/
  • xlm40.dropper: http://hadramout21.com/jetpack-temp/KjOqTnCwBbVrz8w/
  • xlm40.dropper: http://groupesther.com/wp-admin/2hhcMwfOG0aRi1t/
  • xlm40.dropper: http://datainline.com/aspnet_client/56LwAJvy/
  • xlm40.dropper: http://greycoconut.com/edm/0ywf2bF/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks