Overview

overview

10

Static

static

?i=1lyjxpcur.xlsm

windows7_x64

10

?i=1lyjxpcur.xlsm

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ?i=1lyjxpcur

  • Size

    110KB

  • Sample

    220507-esp6nseafm

  • MD5

    a3c1eee45b2ee65f5f0fda091c3b9bfe

  • SHA1

    1bd37dfba56924ab73ce9f6da17a946715b6a76a

  • SHA256

    e95a1d9f8651d516e59ddffadc5fd94a499b888077d6cc60ee5cc1b95c1f91e7

  • SHA512

    ec072cf278b55e4b5e283ebb49aacf924cda7e83a2004c84264a4b1d47b3fb280b6313740fd77df2ac59f007a8f4535f5219a010b1d02a7dd1718f39eca3359e

Score
10/10

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://46.105.81.76/c.html

Targets

    • Target

      ?i=1lyjxpcur

    • Size

      110KB

    • MD5

      a3c1eee45b2ee65f5f0fda091c3b9bfe

    • SHA1

      1bd37dfba56924ab73ce9f6da17a946715b6a76a

    • SHA256

      e95a1d9f8651d516e59ddffadc5fd94a499b888077d6cc60ee5cc1b95c1f91e7

    • SHA512

      ec072cf278b55e4b5e283ebb49aacf924cda7e83a2004c84264a4b1d47b3fb280b6313740fd77df2ac59f007a8f4535f5219a010b1d02a7dd1718f39eca3359e

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks