Overview

overview

10

Static

static

8

fff7ee660d...25.xls

windows7-x64

10

fff7ee660d...25.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fff7ee660d84c472f00fb8b0f017548e9bc5309f5dc19cc12c93c59763768a25

  • Size

    167KB

  • Sample

    250319-z5x29sxlz5

  • MD5

    3807478821ef98618e85411b88086376

  • SHA1

    adce9143dd2b45ffc52dc75ee8f89c535ee7d1b9

  • SHA256

    fff7ee660d84c472f00fb8b0f017548e9bc5309f5dc19cc12c93c59763768a25

  • SHA512

    eff2ac714d76806e1b536959e985e91ed88d01bcfc209b792b1e9f22e8b31aa501f175653770ac40f6cc6d5cc71b72e75c2e3ebedb42c542351750a0b42f32f9

  • SSDEEP

    3072:Nrk3hbdlylKsgqopeJBWhZFGkE+cLax9h1M1Xdzj59Ecrieer+s7aHwga8EdOdES:Zk3hbdlylKsgqopeJBWhZFVE+Wax9hwd

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://ethelenecrace.xyz/fbb3

Extracted

Language
xlm4.0
Source

Targets

    • Target

      fff7ee660d84c472f00fb8b0f017548e9bc5309f5dc19cc12c93c59763768a25

    • Size

      167KB

    • MD5

      3807478821ef98618e85411b88086376

    • SHA1

      adce9143dd2b45ffc52dc75ee8f89c535ee7d1b9

    • SHA256

      fff7ee660d84c472f00fb8b0f017548e9bc5309f5dc19cc12c93c59763768a25

    • SHA512

      eff2ac714d76806e1b536959e985e91ed88d01bcfc209b792b1e9f22e8b31aa501f175653770ac40f6cc6d5cc71b72e75c2e3ebedb42c542351750a0b42f32f9

    • SSDEEP

      3072:Nrk3hbdlylKsgqopeJBWhZFGkE+cLax9h1M1Xdzj59Ecrieer+s7aHwga8EdOdES:Zk3hbdlylKsgqopeJBWhZFVE+Wax9hwd

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks