126ade58e95918fbdd09bcd1790ecb24e0a577852009144c725e9b3af3e47715 | Triage

Submit
Reports

Overview

overview

Static

static

8

9260506451...12.xls

windows7_x64

9260506451...12.xls

windows10_x64

Sharing

General

Target

9260506451158624112.xls.zip
Size

43KB
Sample

220127-n7wrfaccar
MD5

52922a3f44718971c42f23895063266f
SHA1

0049c2481883c137efeb37029f15074a10f2065b
SHA256

126ade58e95918fbdd09bcd1790ecb24e0a577852009144c725e9b3af3e47715
SHA512

058464d1bf3e79dc5d3902627b583ca5ac168d5aa0a01d5b3c4a0c31c70663c2b73f86fbb911e0ca11d172204aefbdf31d72cd3f93144be2a6932f91d432a1b7

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

9260506451158624112.xls

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9260506451158624112.xls

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://0xb907d607/fer/fe2.html

Targets

- Target
  
  9260506451158624112.xls
- Size
  
  71KB
- MD5
  
  21fc12ef8a4a4ba5b38a303fa7e70c08
- SHA1
  
  5700a2231371b289eae19ce62e1a73457ee582c4
- SHA256
  
  6407591df6ce61f946e24715faa6fba1b1f3221e2baf22f6c4f5a64f1ea98eb5
- SHA512
  
  8200f14c0a8023bb74b39796f7859258ef67a21a5f81704f82315695409795fe724ac8ca81513a95d50d169c824532e43865846ce42b0e541366309ace849654
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy