Overview

overview

10

Static

static

8

9260506451...12.xls

windows7_x64

10

9260506451...12.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9260506451158624112.xls.zip

  • Size

    43KB

  • Sample

    220127-n7wrfaccar

  • MD5

    52922a3f44718971c42f23895063266f

  • SHA1

    0049c2481883c137efeb37029f15074a10f2065b

  • SHA256

    126ade58e95918fbdd09bcd1790ecb24e0a577852009144c725e9b3af3e47715

  • SHA512

    058464d1bf3e79dc5d3902627b583ca5ac168d5aa0a01d5b3c4a0c31c70663c2b73f86fbb911e0ca11d172204aefbdf31d72cd3f93144be2a6932f91d432a1b7

Score
10/10
macroxlm

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://0xb907d607/fer/fe2.html

Targets

    • Target

      9260506451158624112.xls

    • Size

      71KB

    • MD5

      21fc12ef8a4a4ba5b38a303fa7e70c08

    • SHA1

      5700a2231371b289eae19ce62e1a73457ee582c4

    • SHA256

      6407591df6ce61f946e24715faa6fba1b1f3221e2baf22f6c4f5a64f1ea98eb5

    • SHA512

      8200f14c0a8023bb74b39796f7859258ef67a21a5f81704f82315695409795fe724ac8ca81513a95d50d169c824532e43865846ce42b0e541366309ace849654

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks