Overview

overview

10

Static

static

8

?i=1rzjobrmv.xlsm

windows7_x64

10

?i=1rzjobrmv.xlsm

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ?i=1rzjobrmv

  • Size

    114KB

  • Sample

    220411-dqtkmsbfe9

  • MD5

    f8ecaf3d4168b075f418c121a763ae0f

  • SHA1

    cd99515256f845d4b6ca4f8a4f5ff6d0f1d0eff3

  • SHA256

    d145d8bd97ef82aed65a01e30b7523f9380bdef7e4af3cbb706c3fe571d2accb

  • SHA512

    bb37a13fdef41887f119faf79af415cb14a894f9b5ef757a7be9a665afcd0df5a491b6b4a4bf0ed46c5e6b6a0dcd247ad52e1f94b4567d1287d319ed7459ce60

Score
10/10
macroxlm

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://92.255.57.195/sec/sec.html

Targets

    • Target

      ?i=1rzjobrmv

    • Size

      114KB

    • MD5

      f8ecaf3d4168b075f418c121a763ae0f

    • SHA1

      cd99515256f845d4b6ca4f8a4f5ff6d0f1d0eff3

    • SHA256

      d145d8bd97ef82aed65a01e30b7523f9380bdef7e4af3cbb706c3fe571d2accb

    • SHA512

      bb37a13fdef41887f119faf79af415cb14a894f9b5ef757a7be9a665afcd0df5a491b6b4a4bf0ed46c5e6b6a0dcd247ad52e1f94b4567d1287d319ed7459ce60

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks