General

  • Target

    607cb926b681584c8b88929b0ddb9f5a2815ddb53ec7443d7f12556fa8096a4a

  • Size

    35KB

  • Sample

    241120-adc6cawblh

  • MD5

    036db005874ec0c80a94d1b943c4c0a6

  • SHA1

    0f9bb489b736ba517bd6369ed33da4c1797c30be

  • SHA256

    607cb926b681584c8b88929b0ddb9f5a2815ddb53ec7443d7f12556fa8096a4a

  • SHA512

    5a033383cbab7ec056cd9ed904523d69d25b5a0f8415ba523db206afcb0e53eddae0ef0364bed8688e4f44a283b787ca497e1d8caa792c89521ef9b41b8b0475

  • SSDEEP

    768:f1kk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJjj6ehEnmEzk:f1kk3hbdlylKsgqopeJBWhZFGkE+cL2V

Score
10/10

Malware Config

Extracted

  • Language

    hta

  • Source

  • URLs

    hta.dropper

    http://91.240.118.168/oo/aa/se.html

Targets

    • Target

      607cb926b681584c8b88929b0ddb9f5a2815ddb53ec7443d7f12556fa8096a4a

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
