General

  • Target

    c376ffe4c231464c947bc77a323936d8eb64d85bcd1ddcd33bcc161dae53ef15

  • Size

    110KB

  • Sample

    220118-hsnvdsaad5

  • MD5

    a1f20adb77868064a50bf9bc57f083e8

  • SHA1

    f016542608ddadb035c27ea0e8384dee30c72f51

  • SHA256

    c376ffe4c231464c947bc77a323936d8eb64d85bcd1ddcd33bcc161dae53ef15

  • SHA512

    8be3e16a5ed738328db940de7dce129cf7dbdfbefb3b1baa2d15d1c971fd9613bc5047aaea5bd13f6f74b9dff2f6b89c4c033e9a5d934781b9673bd6ff3b9180

Score
10/10

Malware Config

Extracted

  • Language

    hta

  • Source

  • URLs

    hta.dropper

    http://0056.0151.0121.0114/c.html

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
