Overview

overview

10

Static

static

8

3e8142e24f...ed.xls

windows7-x64

10

3e8142e24f...ed.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3e8142e24f51fe068008092a5ba10388_modified

  • Size

    61KB

  • Sample

    230225-jr651sce95

  • MD5

    4fe4dc3e0320e98b34e3a5c25a792caf

  • SHA1

    e22e4afee2cc1035a15d48bfc6dff40332a77151

  • SHA256

    4a6c04c7908166e8916848e31c21abddc1e3fccc6c45deebb9169d14fb0f7fbb

  • SHA512

    0caaa225c760c4ba5c0616c7ba1f6d703c7606d8172f339c7b97e4d493cc30cf1f97d030a4c1472c65c665eaba63ccf057eeac57e1da23e1dc3949df3872fdd9

  • SSDEEP

    1536:8URk3hbdlylKsgqopeJBWhZFGkE+cL2NdAKNzMk9B+oo1zMk9A+oos:8Mk3hbdlylKsgqopeJBWhZFGkE+cL2N0

Score
10/10
macroxlm

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://87.251.86.178/pp/cc.html

Targets

    • Target

      3e8142e24f51fe068008092a5ba10388_modified

    • Size

      61KB

    • MD5

      4fe4dc3e0320e98b34e3a5c25a792caf

    • SHA1

      e22e4afee2cc1035a15d48bfc6dff40332a77151

    • SHA256

      4a6c04c7908166e8916848e31c21abddc1e3fccc6c45deebb9169d14fb0f7fbb

    • SHA512

      0caaa225c760c4ba5c0616c7ba1f6d703c7606d8172f339c7b97e4d493cc30cf1f97d030a4c1472c65c665eaba63ccf057eeac57e1da23e1dc3949df3872fdd9

    • SSDEEP

      1536:8URk3hbdlylKsgqopeJBWhZFGkE+cL2NdAKNzMk9B+oo1zMk9A+oos:8Mk3hbdlylKsgqopeJBWhZFGkE+cL2N0

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks