General

  • Target

    4fe8595642d93575581171852e4c7fd1bc120e5e841b7042a5345776f715a6b0

  • Size

    75KB

  • Sample

    240822-1btcna1epp

  • MD5

    f771b3259ad21283830c709b354a86e6

  • SHA1

    5e2c297f6453fefabd7dfb0ed8bee452a0518f1d

  • SHA256

    4fe8595642d93575581171852e4c7fd1bc120e5e841b7042a5345776f715a6b0

  • SHA512

    4dc640c1afcd90efe11d69e7f48875408b5ebd31be896929fa8af116fe331aa79d8175891e24336222ed9616775f433390ca6c3c8fa8ee79b56966322f19c966

  • SSDEEP

    1536:nI+Hymsbck3hbdlylKsgqopeJBWhZFGkE+cMLxAAISQ5gQ72IotO6nitSU6U+x2:nI+HymsYk3hbdlylKsgqopeJBWhZFGkE

Score
10/10

Malware Config

Extracted

  • Language

    hta

  • Source

    hta.dropper

  • URLs

    http://91.240.118.168/zzx/ccv/fe.html
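
The config above was pulled out of the HTA by the sandbox's own extractor. As an added example (not the sandbox's extractor and not code from the sample), the script below shows the two things a triage analyst does by hand on such a file: hash the bytes and dig the download URL out of the script body. The HTA content is constructed for illustration; it only reuses the URL reported above. The deobfuscation layers (percent-decoding as `unescape()` would, and collapsing `"a" & "b"` / `"a" + "b"` string joins) are assumptions about common HTA obfuscation, not a claim about how this particular sample hides its URL.

```python
import hashlib
import re
import urllib.parse

# Constructed HTA-style body (NOT the real 4fe859...a6b0 file): it hides the
# same download URL once behind VBScript "&" string joins and once behind
# percent-encoding that unescape() would undo at run time.
SAMPLE_HTA = b"""<html><head><script language="VBScript">
Set o = CreateObject("MSXML2.XMLHTTP")
u = "http://91.240.118.168" & "/zzx/ccv/" & "fe.html"
p = unescape("http%3A%2F%2F91.240.118.168%2Fzzx%2Fccv%2Ffe.html")
</script></head><body></body></html>"""

# Plain URL matcher; '"' is deliberately excluded so a quoted literal ends the match.
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")


def hashes(data: bytes) -> dict:
    """Digests in the same set the report lists (MD5, SHA1, SHA256, SHA512)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def _deobfuscation_layers(data: bytes):
    """Yield the raw bytes plus two assumed, cheap deobfuscation views of them."""
    yield data
    # Layer 1: percent-decode the whole body so unescape()-style URLs become visible.
    yield urllib.parse.unquote_to_bytes(data)
    # Layer 2: collapse VBScript/JScript concatenation of adjacent string literals.
    yield re.sub(rb'"\s*[&+]\s*"', b"", data)


def extract_urls(data: bytes) -> list:
    """Return every distinct http(s) URL found in any layer, longest forms only."""
    found = set()
    for layer in _deobfuscation_layers(data):
        for m in URL_RE.finditer(layer):
            url = m.group(0).rstrip(b"'),.;").decode("ascii", "replace")
            found.add(url)
    urls = sorted(found)
    # Drop partial matches (e.g. a bare scheme+host cut off at a quote) when a
    # longer URL that extends them was recovered from another layer.
    return [u for u in urls if not any(v != u and v.startswith(u) for v in urls)]


if __name__ == "__main__":
    for k, v in hashes(SAMPLE_HTA).items():
        print(f"{k}: {v}")
    for url in extract_urls(SAMPLE_HTA):
        print("url:", url)
```

On the real file you would read the bytes from disk and compare `hashes()` against the MD5/SHA1/SHA256 above before doing anything else; a mismatch means you are not looking at the sample this report describes.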

Targets

    • Target

      4fe8595642d93575581171852e4c7fd1bc120e5e841b7042a5345776f715a6b0

    • Size

      75KB

    • MD5

      f771b3259ad21283830c709b354a86e6

    • SHA1

      5e2c297f6453fefabd7dfb0ed8bee452a0518f1d

    • SHA256

      4fe8595642d93575581171852e4c7fd1bc120e5e841b7042a5345776f715a6b0

    • SHA512

      4dc640c1afcd90efe11d69e7f48875408b5ebd31be896929fa8af116fe331aa79d8175891e24336222ed9616775f433390ca6c3c8fa8ee79b56966322f19c966

    • SSDEEP

      1536:nI+Hymsbck3hbdlylKsgqopeJBWhZFGkE+cMLxAAISQ5gQ72IotO6nitSU6U+x2:nI+HymsYk3hbdlylKsgqopeJBWhZFGkE

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
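
The two signatures above describe behaviour, not code. As an added example (not the sandbox's signature engine and not derived from this sample's actual process tree), the script below runs equivalent logic over a handful of constructed, Sysmon-shaped events: a script host spawning a command interpreter fires the first signature, and a network connection from a process on a blocklist fires the second. The parent/child sets, the blocklist, the event layout (EventID 1 = process creation, EventID 3 = network connection) and the events themselves are all assumptions for illustration; the destination address only reuses the IP reported in the config above.

```python
# Constructed, Sysmon-shaped telemetry (NOT events recorded from the real sample).
# Assumed layout: EventID 1 = process creation, EventID 3 = network connection.
EVENTS = [
    {"EventID": 1, "ProcessId": 4100, "ParentProcessId": 1200,
     "Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"mshta.exe C:\Users\u\Downloads\invoice.hta"},
    {"EventID": 3, "ProcessId": 4100,
     "Image": r"C:\Windows\System32\mshta.exe",
     "DestinationIp": "91.240.118.168", "DestinationPort": 80},
    {"EventID": 1, "ProcessId": 4188, "ParentProcessId": 4100,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "powershell.exe -nop -w hidden"},
    {"EventID": 1, "ProcessId": 5000, "ParentProcessId": 1200,
     "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe"},
    {"EventID": 3, "ProcessId": 5200,
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "93.184.216.34", "DestinationPort": 443},
]

# Assumed rule content, illustrative only: parents that should not be launching
# interpreters, children that are suspicious under them, and images that have
# no business opening sockets in a normal workstation session.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe",
                "winword.exe", "excel.exe", "powerpnt.exe"}
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                       "cscript.exe", "rundll32.exe", "regsvr32.exe",
                       "certutil.exe", "bitsadmin.exe", "mshta.exe"}
NETWORK_BLOCKLIST = {"mshta.exe", "wscript.exe", "cscript.exe",
                     "regsvr32.exe", "rundll32.exe", "certutil.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (signature, detail, pid) for every event that matches a rule."""
    hits = []
    for ev in events:
        image = basename(ev["Image"])
        if ev["EventID"] == 1:
            parent = basename(ev["ParentImage"])
            if parent in SCRIPT_HOSTS and image in SUSPICIOUS_CHILDREN:
                hits.append(("Process spawned unexpected child process",
                             f"{parent} -> {image}", ev["ProcessId"]))
        elif ev["EventID"] == 3 and image in NETWORK_BLOCKLIST:
            hits.append(("Blocklisted process makes network request",
                         f"{image} -> {ev['DestinationIp']}:{ev['DestinationPort']}",
                         ev["ProcessId"]))
    return hits


def lineage(events, pid):
    """Root-first chain of image names for pid, following ParentProcessId."""
    creates = {e["ProcessId"]: e for e in events if e["EventID"] == 1}
    chain = []
    while pid in creates:
        ev = creates[pid]
        chain.append(basename(ev["Image"]))
        pid = ev["ParentProcessId"]
        if pid not in creates:
            # Parent predates the captured telemetry; name it from ParentImage.
            chain.append(basename(ev["ParentImage"]))
    return chain[::-1]


if __name__ == "__main__":
    for sig, detail, pid in detect(EVENTS):
        print(f"[{sig}] pid={pid} {detail} via {' > '.join(lineage(EVENTS, pid))}")
```

The lineage is what turns a single hit into a story worth acting on: `explorer.exe > mshta.exe > powershell.exe` with an outbound connection from the mshta.exe node is the shape the two signatures above are describing.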

MITRE ATT&CK Enterprise v15

Tasks