General

  • Target

    ddbdcb17e0df3322fbfc358be914db0e321ba163a4b88c136da0af0c2375c188

  • Size

    104KB

  • Sample

    241120-t8px6syhmf

  • MD5

    b35f5fd8699cc21aef5d5212afe93a0e

  • SHA1

    0cf906e5b8f2454ede372926d8dad040c439173c

  • SHA256

    ddbdcb17e0df3322fbfc358be914db0e321ba163a4b88c136da0af0c2375c188

  • SHA512

    582fb054549437592f5cb5a9fbac834ae0c3290dee12fc518976fc8e4423525c4760fb42a7294cbee9525b805a24c4a1d94da65c55b9d65ba522ae743962a073

  • SSDEEP

    3072:CGk3hbdlylKsgqopeJBWhZFGkE+cL2NdAydb4oifHMVhoSc2vUz3UWDG:Hk3hbdlylKsgqopeJBWhZFVE+W2NdAyu

Score
10/10

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://91.240.118.168/qw/as/se.html

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
