General

  • Target

    7a37316960d73bef2321dbd74a2e5a5ccc7eb6c6f245fb50d32e371b6fb04bc8

  • Size

    40KB

  • Sample

    241120-xt58dswmek

  • MD5

    d1245f3fb9af8d7ac5fcd6c162bdc2f2

  • SHA1

    3a98e5a18838576ad8c0eccdd5c95d1456082998

  • SHA256

    7a37316960d73bef2321dbd74a2e5a5ccc7eb6c6f245fb50d32e371b6fb04bc8

  • SHA512

    efbb7d5e67542b26cd2cabfcdd9eaff048644ee90cc9fd9e8e30ac0c8e58db7f3d61a3f0ba6c97e0c0b89fd842d21dce195945f5e6891901f9d98e3526e8545e

  • SSDEEP

    768:pkZKpb8rGYrMPe3q7Q0XV5xtezEs/68/dgAdCBn9kC+xbqc6q+otrvEVLcAo:p+Kpb8rGYrMPe3q7Q0XV5xtezEsi8/d5

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper: https://www.itesmeitic.com/term/IFjx5ElE0ldr8wDDHjub/

    xlm40.dropper: https://www.ingonherbal.com/application/PhEbceg4Tx/

    xlm40.dropper: http://ftp.colibriconstruction.net/cc/KHieqeOsagkmlGIuXc56/

    xlm40.dropper: http://commune-ariana.tn/sites/3BvaCmo/

    xlm40.dropper: http://dmaicinnovations.com/Swift-5.0.2/jEtePB/

    xlm40.dropper: https://drcreative.cz/images/DwThyQntyImCHk0tpba/

Extracted

  • Language

    xlm4.0

  • Source / URLs

    xlm40.dropper: https://www.itesmeitic.com/term/IFjx5ElE0ldr8wDDHjub/

Targets

    • Target

      7a37316960d73bef2321dbd74a2e5a5ccc7eb6c6f245fb50d32e371b6fb04bc8

    • Size

      40KB

    • MD5

      d1245f3fb9af8d7ac5fcd6c162bdc2f2

    • SHA1

      3a98e5a18838576ad8c0eccdd5c95d1456082998

    • SHA256

      7a37316960d73bef2321dbd74a2e5a5ccc7eb6c6f245fb50d32e371b6fb04bc8

    • SHA512

      efbb7d5e67542b26cd2cabfcdd9eaff048644ee90cc9fd9e8e30ac0c8e58db7f3d61a3f0ba6c97e0c0b89fd842d21dce195945f5e6891901f9d98e3526e8545e

    • SSDEEP

      768:pkZKpb8rGYrMPe3q7Q0XV5xtezEs/68/dgAdCBn9kC+xbqc6q+otrvEVLcAo:p+Kpb8rGYrMPe3q7Q0XV5xtezEsi8/d5

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks