a107efdc485af702765f756860612789d1162c07eccdf6d2603edf2039a6646c | Triage

Submit
Reports

Overview

overview

Static

static

8

2022-1-28-...a7.xls

windows7_x64

2022-1-28-...a7.xls

windows10_x64

1

Sharing

General

Target

2022-1-28-d5b772ae7545aa12c1c1ac69068186a7.bin
Size

47KB
Sample

220128-bla7dsdfbn
MD5

d5b772ae7545aa12c1c1ac69068186a7
SHA1

9cc3f88fb9d34e9be8298390968676b9cb27c4b1
SHA256

a107efdc485af702765f756860612789d1162c07eccdf6d2603edf2039a6646c
SHA512

099a9509c524bd625238e132786ab59c8f40c1572b8dacbd05d74bcea154f726e974c77a5d56cd0d818776520d0e04b561a195ba4279c412d185bd10521545eb

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

2022-1-28-d5b772ae7545aa12c1c1ac69068186a7.xls

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2022-1-28-d5b772ae7545aa12c1c1ac69068186a7.xls

Resource

win10-en-20211208

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://91.240.118.168/vvv/ppp/fe.html

Targets

- Target
  
  2022-1-28-d5b772ae7545aa12c1c1ac69068186a7.bin
- Size
  
  47KB
- MD5
  
  d5b772ae7545aa12c1c1ac69068186a7
- SHA1
  
  9cc3f88fb9d34e9be8298390968676b9cb27c4b1
- SHA256
  
  a107efdc485af702765f756860612789d1162c07eccdf6d2603edf2039a6646c
- SHA512
  
  099a9509c524bd625238e132786ab59c8f40c1572b8dacbd05d74bcea154f726e974c77a5d56cd0d818776520d0e04b561a195ba4279c412d185bd10521545eb
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy