General

  • Target

    9c48fc5a00f65eb256e1dd5a3665dd03e5399458554ee216e3a6fcb1b081197c

  • Size

    95KB

  • Sample

    241120-xc6gtswkbj

  • MD5

    0077a4b1753a47cbdb9a7401d0cf5902

  • SHA1

    8265638c09d985b1bd6eefed6bf13bd405ea4cfb

  • SHA256

    9c48fc5a00f65eb256e1dd5a3665dd03e5399458554ee216e3a6fcb1b081197c

  • SHA512

    e4c089595d6a18e6613cd268dbc0d02004718fdce10f679e6fd84a837ca203b12b438b9de5a84a28d64ce7f614004f3af232208b82b2cd8c8c6c6252cd1dda76

  • SSDEEP

    1536:PFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgPHuS4hcTO97v7UYdEJmXNTE:tKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgh

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    URLs (xlm40.dropper)

    https://aysbody.com/catalog/Oax5/

    http://www.garantihaliyikama.com/wp-admin/QVvdNIasGj/

    https://yoymanajemen.id/wp-content/khXBxIm5/

    https://dawtona.dev.goldensystem.pl/wp-admin/EX05554XhKk3ee2cQ/

Targets

    • Target

      9c48fc5a00f65eb256e1dd5a3665dd03e5399458554ee216e3a6fcb1b081197c

    • Size

      95KB

    • MD5

      0077a4b1753a47cbdb9a7401d0cf5902

    • SHA1

      8265638c09d985b1bd6eefed6bf13bd405ea4cfb

    • SHA256

      9c48fc5a00f65eb256e1dd5a3665dd03e5399458554ee216e3a6fcb1b081197c

    • SHA512

      e4c089595d6a18e6613cd268dbc0d02004718fdce10f679e6fd84a837ca203b12b438b9de5a84a28d64ce7f614004f3af232208b82b2cd8c8c6c6252cd1dda76

    • SSDEEP

      1536:PFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgPHuS4hcTO97v7UYdEJmXNTE:tKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgh

    • Score

      10/10

    • Signature: Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks