c376ffe4c231464c947bc77a323936d8eb64d85bcd1ddcd33bcc161dae53ef15 | Triage

Sharing

General

Target

c376ffe4c231464c947bc77a323936d8eb64d85bcd1ddcd33bcc161dae53ef15.xlsm
Size

110KB
Sample

220313-p29lsahdaj
MD5

a1f20adb77868064a50bf9bc57f083e8
SHA1

f016542608ddadb035c27ea0e8384dee30c72f51
SHA256

c376ffe4c231464c947bc77a323936d8eb64d85bcd1ddcd33bcc161dae53ef15
SHA512

8be3e16a5ed738328db940de7dce129cf7dbdfbefb3b1baa2d15d1c971fd9613bc5047aaea5bd13f6f74b9dff2f6b89c4c033e9a5d934781b9673bd6ff3b9180

Score

10^/10

macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://46.105.81.76/c.html

Targets

- Target
  
  c376ffe4c231464c947bc77a323936d8eb64d85bcd1ddcd33bcc161dae53ef15.xlsm
- Size
  
  110KB
- MD5
  
  a1f20adb77868064a50bf9bc57f083e8
- SHA1
  
  f016542608ddadb035c27ea0e8384dee30c72f51
- SHA256
  
  c376ffe4c231464c947bc77a323936d8eb64d85bcd1ddcd33bcc161dae53ef15
- SHA512
  
  8be3e16a5ed738328db940de7dce129cf7dbdfbefb3b1baa2d15d1c971fd9613bc5047aaea5bd13f6f74b9dff2f6b89c4c033e9a5d934781b9673bd6ff3b9180
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2