Overview

overview

10

Static

static

8

a3396cd39b...94.xls

windows7-x64

10

a3396cd39b...94.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a3396cd39b3ee792caf6e6f05fc6022b90c535a7078fa96d899f56b159b82194

  • Size

    96KB

  • Sample

    241120-y6a4fssne1

  • MD5

    6ede82d2972a2a921fc37b7cc275edf9

  • SHA1

    59e4098c8b0aae152a0fa3ae8978e0e9689c9bda

  • SHA256

    a3396cd39b3ee792caf6e6f05fc6022b90c535a7078fa96d899f56b159b82194

  • SHA512

    ba195ec358a114ef1218ddd0683d71c9cc7b8b126472ef3702fb555fd02f6c292a49ada11cf9999f6972fd85c6857a559125c2ba5586ebaf360b4ef87165f598

  • SSDEEP

    1536:WkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgNHuS4hcTO97v7UYdEJmOuV:JKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgY

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://aysbody.com/catalog/fKIbKAcI81pVn/
xlm40.dropper

http://www.birebiregitim.net/wp-includes/mpaZ6zBj3IAJcx/
xlm40.dropper

http://fashionbyprincessmelodicaah.com/4185PINT/79YtAbiNx92iI/
xlm40.dropper

https://pccurico.cl/wp-admin/x3kyR3u8ARXStL7/

Targets

    • Target

      a3396cd39b3ee792caf6e6f05fc6022b90c535a7078fa96d899f56b159b82194

    • Size

      96KB

    • MD5

      6ede82d2972a2a921fc37b7cc275edf9

    • SHA1

      59e4098c8b0aae152a0fa3ae8978e0e9689c9bda

    • SHA256

      a3396cd39b3ee792caf6e6f05fc6022b90c535a7078fa96d899f56b159b82194

    • SHA512

      ba195ec358a114ef1218ddd0683d71c9cc7b8b126472ef3702fb555fd02f6c292a49ada11cf9999f6972fd85c6857a559125c2ba5586ebaf360b4ef87165f598

    • SSDEEP

      1536:WkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgNHuS4hcTO97v7UYdEJmOuV:JKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgY

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks