Overview
overview
10Static
static
8file-1.xls
windows7_x64
10file-1.xls
windows10_x64
10file-10.xls
windows7_x64
10file-10.xls
windows10_x64
10file-100.xls
windows7_x64
10file-100.xls
windows10_x64
10file-1000.xls
windows7_x64
10file-1000.xls
windows10_x64
10file-1001.xls
windows7_x64
10file-1001.xls
windows10_x64
10file-101.xls
windows7_x64
10file-101.xls
windows10_x64
10file-102.xls
windows7_x64
10file-102.xls
windows10_x64
10file-103.xls
windows7_x64
10file-103.xls
windows10_x64
10file-104.xls
windows7_x64
10file-104.xls
windows10_x64
10file-105.xls
windows7_x64
10file-105.xls
windows10_x64
10file-106.xls
windows7_x64
10file-106.xls
windows10_x64
10file-107.xls
windows7_x64
10file-107.xls
windows10_x64
10file-108.xls
windows7_x64
10file-108.xls
windows10_x64
10file-109.xls
windows7_x64
10file-109.xls
windows10_x64
10file-11.xls
windows7_x64
10file-11.xls
windows10_x64
10file-110.xls
windows7_x64
10file-110.xls
windows10_x64
10General
-
Target
7711d6fb56bb07b0db1056116eebfe905174f3772177006c61a7d2ecb1768311
-
Size
23.0MB
-
Sample
220128-b7y6caebbl
-
MD5
cf480c70d1806240c8fed158eac87862
-
SHA1
022d578071946778168ee88830bf6053c371ac0a
-
SHA256
7711d6fb56bb07b0db1056116eebfe905174f3772177006c61a7d2ecb1768311
-
SHA512
0635ebf6e331d58384d4452765c58f22d775969ee1e501d31a806ab4ef998d072fb7dcd4238a827e69b5e7b1637b565f4253e98f8c8291e3442a0c2b0216dd08
Behavioral task
behavioral1
Sample
file-1.xls
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
file-1.xls
Resource
win10-en-20211208
Behavioral task
behavioral3
Sample
file-10.xls
Resource
win7-en-20211208
Behavioral task
behavioral4
Sample
file-10.xls
Resource
win10-en-20211208
Behavioral task
behavioral5
Sample
file-100.xls
Resource
win7-en-20211208
Behavioral task
behavioral6
Sample
file-100.xls
Resource
win10-en-20211208
Behavioral task
behavioral7
Sample
file-1000.xls
Resource
win7-en-20211208
Behavioral task
behavioral8
Sample
file-1000.xls
Resource
win10-en-20211208
Behavioral task
behavioral9
Sample
file-1001.xls
Resource
win7-en-20211208
Behavioral task
behavioral10
Sample
file-1001.xls
Resource
win10-en-20211208
Behavioral task
behavioral11
Sample
file-101.xls
Resource
win7-en-20211208
Behavioral task
behavioral12
Sample
file-101.xls
Resource
win10-en-20211208
Behavioral task
behavioral13
Sample
file-102.xls
Resource
win7-en-20211208
Behavioral task
behavioral14
Sample
file-102.xls
Resource
win10-en-20211208
Behavioral task
behavioral15
Sample
file-103.xls
Resource
win7-en-20211208
Behavioral task
behavioral16
Sample
file-103.xls
Resource
win10-en-20211208
Behavioral task
behavioral17
Sample
file-104.xls
Resource
win7-en-20211208
Behavioral task
behavioral18
Sample
file-104.xls
Resource
win10-en-20211208
Behavioral task
behavioral19
Sample
file-105.xls
Resource
win7-en-20211208
Behavioral task
behavioral20
Sample
file-105.xls
Resource
win10-en-20211208
Behavioral task
behavioral21
Sample
file-106.xls
Resource
win7-en-20211208
Behavioral task
behavioral22
Sample
file-106.xls
Resource
win10-en-20211208
Behavioral task
behavioral23
Sample
file-107.xls
Resource
win7-en-20211208
Behavioral task
behavioral24
Sample
file-107.xls
Resource
win10-en-20211208
Behavioral task
behavioral25
Sample
file-108.xls
Resource
win7-en-20211208
Behavioral task
behavioral26
Sample
file-108.xls
Resource
win10-en-20211208
Behavioral task
behavioral27
Sample
file-109.xls
Resource
win7-en-20211208
Behavioral task
behavioral28
Sample
file-109.xls
Resource
win10-en-20211208
Behavioral task
behavioral29
Sample
file-11.xls
Resource
win7-en-20211208
Behavioral task
behavioral30
Sample
file-11.xls
Resource
win10-en-20211208
Behavioral task
behavioral31
Sample
file-110.xls
Resource
win7-en-20211208
Behavioral task
behavioral32
Sample
file-110.xls
Resource
win10-en-20211208
Malware Config
Extracted
http://0xc12a24f5/cc.html
Targets
-
-
Target
file-1.xls
-
Size
64KB
-
MD5
be6c14686243f70182f1b46492197f43
-
SHA1
56be88f03cddb41f01cde7839441aef10817e364
-
SHA256
01f595d0e040fa2450c3a453aa31cab55a53e706896cf7446a6549c69c25a83a
-
SHA512
dbef867376fe6dea0414a8f82b21d264921365865e2c1acbe5fd314c2dfd2286e5002af0289869acf0e5b60485d420e8f582292c90e727c4b0eea3939b2746e4
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
-
-
Target
file-10.xls
-
Size
64KB
-
MD5
407ca1c008aa11bf01667acb1ca9c9ba
-
SHA1
ab10e5c867cd042b37267582ade18f5f64dbfaad
-
SHA256
b2e3f03e8c40c6ac8f71e22a34cc667118eac3838f0f2c551c55980b0a50a12b
-
SHA512
7bbc16a8670faeac82f89036f6e97d764dfc074c82b9ab7c3abfa20effea8d652884a7cbfa944b89133ff5b6133369cce7250cfe2ac4aeb3f7bb5dd6e34c2ede
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
-
-
Target
file-100.xls
-
Size
64KB
-
MD5
7ff17f9111a583c624479c18508fd0c8
-
SHA1
b81e0145050fc9665c4107003440a1b74ecb547b
-
SHA256
3b413feb63b3885f0e8177941b37354b0e45e1f18b5e57010a771e475d7de0f2
-
SHA512
6c4ae66133f59ddd7de4a17723906eeebfaee0aae6b0365f02e94d2e9d249e6741c0aaf5ebea7a60a6ed2d8e00e5adb413ece71492a1bf339f65e8e920b34470
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
-
-
Target
file-1000.xls
-
Size
65KB
-
MD5
087d0c52c0d79745dba60bda6595f200
-
SHA1
f07fd36c0d40cc3c005f2762aa707d0217e40e88
-
SHA256
139aec84aa529d034a2299210fc8d8c23d2188300e5851f48e909d4813c371df
-
SHA512
eae402debf0119d30e476fc3b3d50e92cb30fdf1fc36199730f44f382eb2d2b63bf8fd0954925de605be841ccc761e229101d9701115f55af0733a0347bc32f5
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
-
-
Target
file-1001.xls
-
Size
65KB
-
MD5
38039b0fd8bc165fd40eab1023cda9a4
-
SHA1
c0aa768a83c629fcfa3f80ce646105b5919c99f4
-
SHA256
7b3166872d7c274a1492ce3a46bb16f6f70c0e96e088cdd1a9496b199869f73e
-
SHA512
ec880399691725316e45ce6bd930650a3daaa8947d2f9e6ea7a2799c200401d1ca334548210c1bcc198683c798c3976ffa73816f7b2603d8f1715dce0837994c
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
-
-
Target
file-101.xls
-
Size
64KB
-
MD5
560181e4cde03685b805025943fb2d49
-
SHA1
4fa830abcfef35042484a7991a9ff0b15c34bcd6
-
SHA256
e4f12be31a8640986ecbcea3fd9b8cf22936e0db666d6dbdd87b77e798f22415
-
SHA512
e7744bb93b4f33b20113268409aa23974ebb296e6235bde6caa407de9d3fc3b5dd01bd3f488fd74c1604ada88b9438a8ab5c0efe4a039cd8a4e47b2febb32e8f
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
-
-
Target
file-102.xls
-
Size
65KB
-
MD5
7a8813f9a0a2303446dbaf5b6f186f59
-
SHA1
323afa1077b943d126a88bc8b12afef29ecab403
-
SHA256
91ee58093bb04fb59a5ff5b9bbc57cb486ecd6d47097961aeddef63b4894660c
-
SHA512
15bf361b758660c0b072f03437e772e8d4b907832dec9d9bfc0e58cb6e8c796ff8524123f92f710c0624072885819aa446efa47b61b2f2a5231e9fc00e2a436a
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
-
-
Target
file-103.xls
-
Size
64KB
-
MD5
7130dc5fd15280036f66dfe54d6eb342
-
SHA1
0cbeb6e7c8b92ab7aff6c450ea6cb345ecd39252
-
SHA256
c2afa3ed6debe7be63cea31c4d1738e0b09d3c16b0c7c26150d3f86ca233d669
-
SHA512
a22e263c834b4e7ff7805d5126ce11849ede66caa9dfd0f93e07c541507490cdb4ea653eb91eee6b94967c713351882fa1a98c4fdf85cb03987bea3ae10d972c
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
-
-
Target
file-104.xls
-
Size
64KB
-
MD5
47cc3d9d43836b5b3666d4b2dc364947
-
SHA1
e10db24aed6a79258a265d5a64e5ebabb12c0281
-
SHA256
95f59b516215ead7bb2125a60e09fc5efc408a0d374d11538376e9b936d5d300
-
SHA512
98e2c6b4b06a1f3411b19b77c474b2c870d5f2a8149664e475578f022595bfa94cbd901ecd366abd4fab0a5f98a332bf05273bb8cf356ec1963c22f528efc8fe
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
-
-
Target
file-105.xls
-
Size
65KB
-
MD5
53bea098b495f96218c09f17e22fad9d
-
SHA1
6915db9be1e538e396e5f1d59c640158e26af73b
-
SHA256
da0decbda63cc2fbb3b768d77078db1ef537aff2878d873a2c6614df519f9716
-
SHA512
1ad2e399b79afff95cc2cc337a181ac20cb5523b474d5d6ec4e9de4fee336f605ef871189700ed64052f437b07b84598e1c2920b447f72b5491dbea563ef5c5f
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
-
-
Target
file-106.xls
-
Size
65KB
-
MD5
2763aef16870a1b373fdf14c6ac811ad
-
SHA1
b8030cb7ba26cfced89126a23524a8f61ed72129
-
SHA256
627d8f3bbf507ca99ff8a25eda4d37db4876166f84dd5be05d032f53b275c20b
-
SHA512
013463943a7c47afe2b85c5c1ec877c3f159ec7c281085acbfc7efb67e8f9087d577f6ea41217842286dc76a19486fc5e4398eef90a2b4d0fbf852f98b0434b1
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
-
-
Target
file-107.xls
-
Size
65KB
-
MD5
612cd1ceba956cc855c074e3950abf84
-
SHA1
48c59cfe949b6cf8197aad0dea84f1afd1126e39
-
SHA256
d088edcf478a2549fc71edc9e167790709ab7c4faea48ae0cb99c8b9eaca19b5
-
SHA512
b570202a7bd73c957ba8c841b0898e12e72525b800caa933b47e8b6a369576c57ebd009b70c777ca371ed436ee4b6f75333f576a9eb74e0bf3a4193f96919781
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
-
-
Target
file-108.xls
-
Size
64KB
-
MD5
c2c4de85ee886fbc2a677f392d3c44bb
-
SHA1
de79f091a6696269b1678762cf42088cacc3f2f8
-
SHA256
2e073b0a6cdff74003aa7791807d3c23b10286a983192a6dc6a4dbe62b68a079
-
SHA512
e43f87fd05d6cbb3b916151641c760ec00acfc90990024f3fd669b9cf52b007025464c5c8d277ac69d9b6a4a73323c34961a224a9110d97200398d52bbbd355d
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
-
-
Target
file-109.xls
-
Size
64KB
-
MD5
2cb6e9a634e9c4ec6f778ea99ca7d0d0
-
SHA1
86fa8fc1a65ddd9101bfdc1fa9856047fe8cdf4a
-
SHA256
bb6945ad81d2dbbd4887be5f66373feebdab044c1d2ec5f014fb18398595946c
-
SHA512
50aa4c85fd481d38c791154b746b85da15fc7d1a0ed24c8f4838bb4e1f64d63bd84b0d9606b3838c6d2218b6bd1e1f8f585cd23b4cb15f16ca1e06054fe6b3c6
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
-
-
Target
file-11.xls
-
Size
64KB
-
MD5
9b93fd2ac370415d233c940926f48636
-
SHA1
2298b78c197eb4f5b6158cc1690c586a5702b590
-
SHA256
db73efcf4ce763316a70c7047946d1b85d5b7c0ea41e9727adb41681b7507841
-
SHA512
c1bd288b8ebe3f1c8995e6e9a0c51b8a2cf3e875aa00faddd15038b41c235f9387a658104d19dbec37d7f2628e67653b95463c28392f98f223b00b2b28359fe7
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
-
-
Target
file-110.xls
-
Size
65KB
-
MD5
0f0583a335e29cf6397316ea7c74e210
-
SHA1
60ef9d24eb9ef6c102596d3fb0032c48edff7d5e
-
SHA256
64fdccb41a13f3e7f28c0af35982bdff42ccf8c46ace6894a592ff566c10738c
-
SHA512
f11d03df55eb3aa1c7e10275e898bd5083079f25467c0487e1b19fb2de816aeca5cf604ff11f82087b505d580bae4c61dab9c80037b774c801a33eb63cdc919a
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-