Overview

overview

10

Static

static

8

D73.xlsm

windows7_x64

10

D73.xlsm

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    D73.xlsm

  • Size

    110KB

  • Sample

    220117-3akegadga7

  • MD5

    88ba108c5c564f6dab3e1c4031a9a7e9

  • SHA1

    fbffd091afdae3d1e40a17e4f1c73174afc6234e

  • SHA256

    b74ebda344b21397a7dda793d725fc98a04efae5d4cc51c8c8b6f9c253bdcb83

  • SHA512

    82fec2d0679d56c1911d606463a5f5894c5de0ded95a11315f38fea796298884b24a37b10f9c5d1df3fdfc044b06c71f75e74d7b53fab57c133798a0124736ff

Score
10/10
macroxlm

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://0056.0151.0121.0114/c.html

Targets

    • Target

      D73.xlsm

    • Size

      110KB

    • MD5

      88ba108c5c564f6dab3e1c4031a9a7e9

    • SHA1

      fbffd091afdae3d1e40a17e4f1c73174afc6234e

    • SHA256

      b74ebda344b21397a7dda793d725fc98a04efae5d4cc51c8c8b6f9c253bdcb83

    • SHA512

      82fec2d0679d56c1911d606463a5f5894c5de0ded95a11315f38fea796298884b24a37b10f9c5d1df3fdfc044b06c71f75e74d7b53fab57c133798a0124736ff

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks