General

  • Target

    8dbb2081a977b17fb9eeccef92e75765fd2d58c871f2e1af3f39ae5336e6b177

  • Size

    142KB

  • Sample

    241112-h3j9ys1jaq

  • MD5

    994d78ed4f375307b15d5886b8c7b1df

  • SHA1

    1f9fbed0fa4a791a6765351b8a242a79ec80d257

  • SHA256

    8dbb2081a977b17fb9eeccef92e75765fd2d58c871f2e1af3f39ae5336e6b177

  • SHA512

    46b2b712071a87aad30f11b86be7a02f80ada10655762f263e8aaa9888b03b148fb49f73d565d2aedb10d9c7840c0737525bb5302e85f97ce85e9aa1da5b65f7

  • SSDEEP

    3072:4Rk3hbdlylKsgqopeJBWhZFGkE+cL2NdAlhEvN8B/W6X1yxYovrepMUdQ6gSz4iq:Qk3hbdlylKsgqopeJBWhZFVE+W2NdAli

Score
10/10

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://185.7.214.7/fer/fer.html

Targets

    • Target

      8dbb2081a977b17fb9eeccef92e75765fd2d58c871f2e1af3f39ae5336e6b177

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
