Overview

overview

10

Static

static

8

7b0410a98c...67.xls

windows7-x64

10

7b0410a98c...67.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7b0410a98cc69ca1e053327c55d1c40368ef38690c2740454fd865767e16ed67

  • Size

    96KB

  • Sample

    241120-z8r1estblg

  • MD5

    fbb8fe026c289f1999c970da9246ba49

  • SHA1

    05d70997f33ae83141739d47decf6a706a6dbc47

  • SHA256

    7b0410a98cc69ca1e053327c55d1c40368ef38690c2740454fd865767e16ed67

  • SHA512

    623758b642b7f410dafda002e2ad8770943f5fd375ea4cb3ca0ae5999dd7801403b77c804fc1e5e071768bda73fa61c7ea8554e626336daa7b752b8380b21312

  • SSDEEP

    1536:WkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgNHuS4hcTO97v7UYdEJmOu9:JKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgw

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://aysbody.com/catalog/fKIbKAcI81pVn/
xlm40.dropper

http://www.birebiregitim.net/wp-includes/mpaZ6zBj3IAJcx/
xlm40.dropper

http://fashionbyprincessmelodicaah.com/4185PINT/79YtAbiNx92iI/
xlm40.dropper

https://pccurico.cl/wp-admin/x3kyR3u8ARXStL7/

Targets

    • Target

      7b0410a98cc69ca1e053327c55d1c40368ef38690c2740454fd865767e16ed67

    • Size

      96KB

    • MD5

      fbb8fe026c289f1999c970da9246ba49

    • SHA1

      05d70997f33ae83141739d47decf6a706a6dbc47

    • SHA256

      7b0410a98cc69ca1e053327c55d1c40368ef38690c2740454fd865767e16ed67

    • SHA512

      623758b642b7f410dafda002e2ad8770943f5fd375ea4cb3ca0ae5999dd7801403b77c804fc1e5e071768bda73fa61c7ea8554e626336daa7b752b8380b21312

    • SSDEEP

      1536:WkKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgNHuS4hcTO97v7UYdEJmOu9:JKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgw

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks