General

  • Target

    d2284b9edff9d25b37c9e35218823c8638c1519caeb3efeac6dc10cd7c9e4a46

  • Size

    46KB

  • Sample

    250314-zt734ay1a1

  • MD5

    c46c558bf5c419da1085d328ce73f73f

  • SHA1

    166427c22205e83bb686cf7c8e8ff9bedd68d85d

  • SHA256

    d2284b9edff9d25b37c9e35218823c8638c1519caeb3efeac6dc10cd7c9e4a46

  • SHA512

    86d023fd3fc909713cb8c605f48431ddc25e06a9352e3accd1ee579a382245e0578babd98068ef5ccf5f2dd2618350610048551a2b8edb234c75d9791f7e6078

  • SSDEEP

    768:7DMPKpb8rGYrMPe3q7Q0XV5xtezE8vpI8UM+Vyis73q/44fq/uVG:7YKpb8rGYrMPe3q7Q0XV5xtezE8vG8U2

Score
10/10

Malware Config

Extracted

Language   Source          URLs
xlm4.0     xlm40.dropper   https://www.zardamarine.com/images/psQbAjrrEOXWPrS/
xlm4.0     xlm40.dropper   http://kronostr.com/tr/68yHRhfuU7Qj/
xlm4.0     xlm40.dropper   http://labfitouts.com/cgi-bin/Rea3Iu3wGvgAbTset0/
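The three URLs in the extracted config are the locations the Excel 4.0 macro tries when it fetches its payload; for hunting they are more useful as host/path indicators than as clickable links. The Python below is an added example, not part of the sandbox report, that reduces each URL to a host and path, defangs it for reporting, and scans proxy log lines for requests that touch those hosts. The log line format and the sample lines are constructed for the demo; they are not traffic captured from this sample.

```python
from urllib.parse import urlsplit

# The three xlm40.dropper download URLs extracted from this sample (from the report above).
DROPPER_URLS = [
    "https://www.zardamarine.com/images/psQbAjrrEOXWPrS/",
    "http://kronostr.com/tr/68yHRhfuU7Qj/",
    "http://labfitouts.com/cgi-bin/Rea3Iu3wGvgAbTset0/",
]

# Constructed proxy log lines (assumed format: "<timestamp> <client> <method> <url> <status>").
# These are made up to exercise the scanner; they are not from the sandbox run.
SAMPLE_PROXY_LOG = """\
2025-03-14T10:01:02Z 10.0.0.12 GET https://www.zardamarine.com/images/psQbAjrrEOXWPrS/ 200
2025-03-14T10:01:03Z 10.0.0.12 GET http://kronostr.com/tr/68yHRhfuU7Qj/ 404
2025-03-14T10:01:05Z 10.0.0.12 GET http://labfitouts.com/cgi-bin/Rea3Iu3wGvgAbTset0/ 200
2025-03-14T10:05:00Z 10.0.0.33 GET https://www.zardamarine.com/contact.html 200
2025-03-14T10:06:00Z 10.0.0.44 GET https://example.com/ 200
"""


def url_to_ioc(url):
    """Reduce a URL to (host, path) so matching ignores scheme, port and case in the host."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return host, parts.path


def defang(url):
    """Render a URL non-clickable for reports: http -> hxxp, dots in the host -> [.]"""
    parts = urlsplit(url)
    host = (parts.hostname or "").replace(".", "[.]")
    return f"{parts.scheme.replace('t', 'x')}://{host}{parts.path}"


def scan_proxy_log(log_text, dropper_urls):
    """Return one hit per log line whose requested URL touches a dropper host.

    confidence "url":  same host and the request path starts with the dropper path
                       (the macro fetches its payload from under that directory).
    confidence "host": same host, different path. Worth a look, but the host may
                       also serve unrelated content, so it is not an alert on its own.
    """
    iocs = [url_to_ioc(u) for u in dropper_urls]
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line: skip it rather than abort the whole scan
        host, path = url_to_ioc(fields[3])
        if not host:
            continue
        for ioc_host, ioc_path in iocs:
            if host != ioc_host:
                continue
            confidence = "url" if path.startswith(ioc_path) else "host"
            hits.append({"line": lineno, "client": fields[1],
                         "host": host, "confidence": confidence})
            break  # one hit per line is enough
    return hits


if __name__ == "__main__":
    for u in DROPPER_URLS:
        print("IOC:", defang(u))
    for h in scan_proxy_log(SAMPLE_PROXY_LOG, DROPPER_URLS):
        print(h)
```

Matching on host plus path prefix rather than on the host alone is deliberate: the payload directory names are random strings, so a path match is strong evidence, while a bare host match only says a client talked to the same site.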

Targets

    • Target

      d2284b9edff9d25b37c9e35218823c8638c1519caeb3efeac6dc10cd7c9e4a46

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
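The signature above fires when an Office process launches something it normally would not. As an added example (not the sandbox's own detection logic), the Python below implements that check over process-creation events in a reduced Sysmon Event ID 1 style: it walks each process's ancestry a few hops, and reports any non-allowlisted process that descends from an Office application, with higher severity when the child is a known living-off-the-land binary. The Office parent set, the benign-child allowlist, the LOLBin list and the sample events are all assumptions constructed for the demo; the events are not this sample's actual process trace.

```python
import ntpath

# Office applications whose macros are the usual source of this signature (assumed set).
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Children Office legitimately spawns (assumed allowlist; tune it to your estate).
BENIGN_CHILDREN = {"splwow64.exe", "werfault.exe", "dw20.exe"}

# Binaries macro droppers commonly hand off to; any of these under Office is high severity.
LOLBINS = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe", "cscript.exe",
           "powershell.exe", "cmd.exe", "certutil.exe", "msiexec.exe"}

# Constructed process-creation events, reduced to the fields the rule needs.
# They illustrate the signature; they are not this sample's real process tree.
SAMPLE_EVENTS = [
    {"pid": 3100, "ppid": 900,  "image": r"C:\Windows\explorer.exe"},
    {"pid": 4120, "ppid": 3100, "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    {"pid": 4300, "ppid": 4120, "image": r"C:\Windows\splwow64.exe"},
    {"pid": 5200, "ppid": 4120, "image": r"C:\Windows\System32\regsvr32.exe"},
    {"pid": 5300, "ppid": 4120, "image": r"C:\Users\u\AppData\Local\Temp\update.exe"},
    {"pid": 5400, "ppid": 5200, "image": r"C:\Windows\System32\cmd.exe"},
]

MAX_HOPS = 3  # how far up the tree to look for an Office ancestor


def basename(image):
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(image).lower()


def find_unexpected_children(events):
    """Return one alert per process that descends from an Office app and is not allowlisted.

    Severity is "high" when the process is a known LOLBin, "medium" otherwise.
    Walking a few hops up (not just the direct parent) means a chain such as
    cmd.exe <- regsvr32.exe <- excel.exe is still attributed to Excel.
    """
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        name = basename(e["image"])
        if name in OFFICE_PARENTS or name in BENIGN_CHILDREN:
            continue  # Office itself, or a child we expect, is never an alert
        chain = [name]
        ancestor = by_pid.get(e["ppid"])
        hops = 0
        while ancestor is not None and hops < MAX_HOPS:
            anc_name = basename(ancestor["image"])
            chain.append(anc_name)
            if anc_name in OFFICE_PARENTS:
                severity = "high" if name in LOLBINS else "medium"
                alerts.append({"pid": e["pid"],
                               "chain": " <- ".join(chain),
                               "severity": severity})
                break
            ancestor = by_pid.get(ancestor["ppid"])
            hops += 1
    return alerts


if __name__ == "__main__":
    for a in find_unexpected_children(SAMPLE_EVENTS):
        print(f"[{a['severity']}] pid {a['pid']}: {a['chain']}")
```

The allowlist is what keeps this rule quiet in production: print spooler and crash-reporter helpers are normal under Excel, whereas an unsigned executable in a temp directory or a script host is not, whatever the file is called.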

MITRE ATT&CK Enterprise v15

Tasks