7711d6fb56bb07b0db1056116eebfe905174f3772177006c61a7d2ecb1768311

Sharing

Copy URL

Twitter E-mail

General

Target

7711d6fb56bb07b0db1056116eebfe905174f3772177006c61a7d2ecb1768311
Size

23.0MB
Sample

220128-b7y6caebbl
MD5

cf480c70d1806240c8fed158eac87862
SHA1

022d578071946778168ee88830bf6053c371ac0a
SHA256

7711d6fb56bb07b0db1056116eebfe905174f3772177006c61a7d2ecb1768311
SHA512

0635ebf6e331d58384d4452765c58f22d775969ee1e501d31a806ab4ef998d072fb7dcd4238a827e69b5e7b1637b565f4253e98f8c8291e3442a0c2b0216dd08

Score

10^/10

macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://0xc12a24f5/cc.html

Targets

- Target
  
  file-1.xls
- Size
  
  64KB
- MD5
  
  be6c14686243f70182f1b46492197f43
- SHA1
  
  56be88f03cddb41f01cde7839441aef10817e364
- SHA256
  
  01f595d0e040fa2450c3a453aa31cab55a53e706896cf7446a6549c69c25a83a
- SHA512
  
  dbef867376fe6dea0414a8f82b21d264921365865e2c1acbe5fd314c2dfd2286e5002af0289869acf0e5b60485d420e8f582292c90e727c4b0eea3939b2746e4
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  file-10.xls
- Size
  
  64KB
- MD5
  
  407ca1c008aa11bf01667acb1ca9c9ba
- SHA1
  
  ab10e5c867cd042b37267582ade18f5f64dbfaad
- SHA256
  
  b2e3f03e8c40c6ac8f71e22a34cc667118eac3838f0f2c551c55980b0a50a12b
- SHA512
  
  7bbc16a8670faeac82f89036f6e97d764dfc074c82b9ab7c3abfa20effea8d652884a7cbfa944b89133ff5b6133369cce7250cfe2ac4aeb3f7bb5dd6e34c2ede
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral3 behavioral4
- Target
  
  file-100.xls
- Size
  
  64KB
- MD5
  
  7ff17f9111a583c624479c18508fd0c8
- SHA1
  
  b81e0145050fc9665c4107003440a1b74ecb547b
- SHA256
  
  3b413feb63b3885f0e8177941b37354b0e45e1f18b5e57010a771e475d7de0f2
- SHA512
  
  6c4ae66133f59ddd7de4a17723906eeebfaee0aae6b0365f02e94d2e9d249e6741c0aaf5ebea7a60a6ed2d8e00e5adb413ece71492a1bf339f65e8e920b34470
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral5 behavioral6
- Target
  
  file-1000.xls
- Size
  
  65KB
- MD5
  
  087d0c52c0d79745dba60bda6595f200
- SHA1
  
  f07fd36c0d40cc3c005f2762aa707d0217e40e88
- SHA256
  
  139aec84aa529d034a2299210fc8d8c23d2188300e5851f48e909d4813c371df
- SHA512
  
  eae402debf0119d30e476fc3b3d50e92cb30fdf1fc36199730f44f382eb2d2b63bf8fd0954925de605be841ccc761e229101d9701115f55af0733a0347bc32f5
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral7 behavioral8
- Target
  
  file-1001.xls
- Size
  
  65KB
- MD5
  
  38039b0fd8bc165fd40eab1023cda9a4
- SHA1
  
  c0aa768a83c629fcfa3f80ce646105b5919c99f4
- SHA256
  
  7b3166872d7c274a1492ce3a46bb16f6f70c0e96e088cdd1a9496b199869f73e
- SHA512
  
  ec880399691725316e45ce6bd930650a3daaa8947d2f9e6ea7a2799c200401d1ca334548210c1bcc198683c798c3976ffa73816f7b2603d8f1715dce0837994c
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral9 behavioral10
- Target
  
  file-101.xls
- Size
  
  64KB
- MD5
  
  560181e4cde03685b805025943fb2d49
- SHA1
  
  4fa830abcfef35042484a7991a9ff0b15c34bcd6
- SHA256
  
  e4f12be31a8640986ecbcea3fd9b8cf22936e0db666d6dbdd87b77e798f22415
- SHA512
  
  e7744bb93b4f33b20113268409aa23974ebb296e6235bde6caa407de9d3fc3b5dd01bd3f488fd74c1604ada88b9438a8ab5c0efe4a039cd8a4e47b2febb32e8f
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral11 behavioral12
- Target
  
  file-102.xls
- Size
  
  65KB
- MD5
  
  7a8813f9a0a2303446dbaf5b6f186f59
- SHA1
  
  323afa1077b943d126a88bc8b12afef29ecab403
- SHA256
  
  91ee58093bb04fb59a5ff5b9bbc57cb486ecd6d47097961aeddef63b4894660c
- SHA512
  
  15bf361b758660c0b072f03437e772e8d4b907832dec9d9bfc0e58cb6e8c796ff8524123f92f710c0624072885819aa446efa47b61b2f2a5231e9fc00e2a436a
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral13 behavioral14
- Target
  
  file-103.xls
- Size
  
  64KB
- MD5
  
  7130dc5fd15280036f66dfe54d6eb342
- SHA1
  
  0cbeb6e7c8b92ab7aff6c450ea6cb345ecd39252
- SHA256
  
  c2afa3ed6debe7be63cea31c4d1738e0b09d3c16b0c7c26150d3f86ca233d669
- SHA512
  
  a22e263c834b4e7ff7805d5126ce11849ede66caa9dfd0f93e07c541507490cdb4ea653eb91eee6b94967c713351882fa1a98c4fdf85cb03987bea3ae10d972c
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral15 behavioral16
- Target
  
  file-104.xls
- Size
  
  64KB
- MD5
  
  47cc3d9d43836b5b3666d4b2dc364947
- SHA1
  
  e10db24aed6a79258a265d5a64e5ebabb12c0281
- SHA256
  
  95f59b516215ead7bb2125a60e09fc5efc408a0d374d11538376e9b936d5d300
- SHA512
  
  98e2c6b4b06a1f3411b19b77c474b2c870d5f2a8149664e475578f022595bfa94cbd901ecd366abd4fab0a5f98a332bf05273bb8cf356ec1963c22f528efc8fe
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral17 behavioral18
- Target
  
  file-105.xls
- Size
  
  65KB
- MD5
  
  53bea098b495f96218c09f17e22fad9d
- SHA1
  
  6915db9be1e538e396e5f1d59c640158e26af73b
- SHA256
  
  da0decbda63cc2fbb3b768d77078db1ef537aff2878d873a2c6614df519f9716
- SHA512
  
  1ad2e399b79afff95cc2cc337a181ac20cb5523b474d5d6ec4e9de4fee336f605ef871189700ed64052f437b07b84598e1c2920b447f72b5491dbea563ef5c5f
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral19 behavioral20
- Target
  
  file-106.xls
- Size
  
  65KB
- MD5
  
  2763aef16870a1b373fdf14c6ac811ad
- SHA1
  
  b8030cb7ba26cfced89126a23524a8f61ed72129
- SHA256
  
  627d8f3bbf507ca99ff8a25eda4d37db4876166f84dd5be05d032f53b275c20b
- SHA512
  
  013463943a7c47afe2b85c5c1ec877c3f159ec7c281085acbfc7efb67e8f9087d577f6ea41217842286dc76a19486fc5e4398eef90a2b4d0fbf852f98b0434b1
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral21 behavioral22
- Target
  
  file-107.xls
- Size
  
  65KB
- MD5
  
  612cd1ceba956cc855c074e3950abf84
- SHA1
  
  48c59cfe949b6cf8197aad0dea84f1afd1126e39
- SHA256
  
  d088edcf478a2549fc71edc9e167790709ab7c4faea48ae0cb99c8b9eaca19b5
- SHA512
  
  b570202a7bd73c957ba8c841b0898e12e72525b800caa933b47e8b6a369576c57ebd009b70c777ca371ed436ee4b6f75333f576a9eb74e0bf3a4193f96919781
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral23 behavioral24
- Target
  
  file-108.xls
- Size
  
  64KB
- MD5
  
  c2c4de85ee886fbc2a677f392d3c44bb
- SHA1
  
  de79f091a6696269b1678762cf42088cacc3f2f8
- SHA256
  
  2e073b0a6cdff74003aa7791807d3c23b10286a983192a6dc6a4dbe62b68a079
- SHA512
  
  e43f87fd05d6cbb3b916151641c760ec00acfc90990024f3fd669b9cf52b007025464c5c8d277ac69d9b6a4a73323c34961a224a9110d97200398d52bbbd355d
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral25 behavioral26
- Target
  
  file-109.xls
- Size
  
  64KB
- MD5
  
  2cb6e9a634e9c4ec6f778ea99ca7d0d0
- SHA1
  
  86fa8fc1a65ddd9101bfdc1fa9856047fe8cdf4a
- SHA256
  
  bb6945ad81d2dbbd4887be5f66373feebdab044c1d2ec5f014fb18398595946c
- SHA512
  
  50aa4c85fd481d38c791154b746b85da15fc7d1a0ed24c8f4838bb4e1f64d63bd84b0d9606b3838c6d2218b6bd1e1f8f585cd23b4cb15f16ca1e06054fe6b3c6
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral27 behavioral28
- Target
  
  file-11.xls
- Size
  
  64KB
- MD5
  
  9b93fd2ac370415d233c940926f48636
- SHA1
  
  2298b78c197eb4f5b6158cc1690c586a5702b590
- SHA256
  
  db73efcf4ce763316a70c7047946d1b85d5b7c0ea41e9727adb41681b7507841
- SHA512
  
  c1bd288b8ebe3f1c8995e6e9a0c51b8a2cf3e875aa00faddd15038b41c235f9387a658104d19dbec37d7f2628e67653b95463c28392f98f223b00b2b28359fe7
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral29 behavioral30
- Target
  
  file-110.xls
- Size
  
  65KB
- MD5
  
  0f0583a335e29cf6397316ea7c74e210
- SHA1
  
  60ef9d24eb9ef6c102596d3fb0032c48edff7d5e
- SHA256
  
  64fdccb41a13f3e7f28c0af35982bdff42ccf8c46ace6894a592ff566c10738c
- SHA512
  
  f11d03df55eb3aa1c7e10275e898bd5083079f25467c0487e1b19fb2de816aeca5cf604ff11f82087b505d580bae4c61dab9c80037b774c801a33eb63cdc919a
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

Process spawned unexpected child process

Blocklisted process makes network request

Process spawned unexpected child process

Blocklisted process makes network request

Process spawned unexpected child process

Blocklisted process makes network request

Process spawned unexpected child process

Blocklisted process makes network request

Process spawned unexpected child process

Blocklisted process makes network request

Process spawned unexpected child process

Blocklisted process makes network request

Process spawned unexpected child process

Blocklisted process makes network request

Process spawned unexpected child process

Blocklisted process makes network request

Process spawned unexpected child process

Blocklisted process makes network request

Process spawned unexpected child process

Blocklisted process makes network request

Process spawned unexpected child process

Blocklisted process makes network request

Process spawned unexpected child process

Blocklisted process makes network request

Process spawned unexpected child process

Blocklisted process makes network request

Process spawned unexpected child process

Blocklisted process makes network request

Process spawned unexpected child process

Blocklisted process makes network request

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32