Overview

overview

10

Static

static

8

cc5c36c738...1f.xls

windows7-x64

10

cc5c36c738...1f.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cc5c36c738c206cfc834c632e359739f4cbde4c34607363f337df35987af751f

  • Size

    114KB

  • Sample

    241120-xbeygs1bmb

  • MD5

    449a2e43961640dc6331c4747bc108cb

  • SHA1

    4ef0b29acf8537bd0e13792537acb300446f26e5

  • SHA256

    cc5c36c738c206cfc834c632e359739f4cbde4c34607363f337df35987af751f

  • SHA512

    6ebf2bc7ab872687cd034f93da26a609c9fa95b031d476becf0129e992bf4f8dc2a2ca483edc1c02105b63ae39525b5f9508718e47253fd57e071dce770dcf7d

  • SSDEEP

    3072:yW+nBqmsk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIXxe53lGvFTQ3IzxgdrvxpU0S:t+nBqmsk3hbdlylKsgqopeJBWhZFVE+S

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://185.7.214.7/fer/fe5.html

Targets

    • Target

      cc5c36c738c206cfc834c632e359739f4cbde4c34607363f337df35987af751f

    • Size

      114KB

    • MD5

      449a2e43961640dc6331c4747bc108cb

    • SHA1

      4ef0b29acf8537bd0e13792537acb300446f26e5

    • SHA256

      cc5c36c738c206cfc834c632e359739f4cbde4c34607363f337df35987af751f

    • SHA512

      6ebf2bc7ab872687cd034f93da26a609c9fa95b031d476becf0129e992bf4f8dc2a2ca483edc1c02105b63ae39525b5f9508718e47253fd57e071dce770dcf7d

    • SSDEEP

      3072:yW+nBqmsk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIXxe53lGvFTQ3IzxgdrvxpU0S:t+nBqmsk3hbdlylKsgqopeJBWhZFVE+S

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks