3b137cbbd7a33bbed25b28a49a7d05ede977ad0e8cf586873bbafcfe375ec699 | Triage

Submit
Reports

Overview

overview

Static

static

8

2761395201.xls

windows7_x64

2761395201.xls

windows10_x64

Sharing

General

Target

2761395201.xls
Size

1.8MB
Sample

200624-aqkxbkknsj
MD5

a17e5c6d0278bc25eb69a5b39a902372
SHA1

34c74a1ee53e94fd1b782af2a21c38af6cca760c
SHA256

3b137cbbd7a33bbed25b28a49a7d05ede977ad0e8cf586873bbafcfe375ec699
SHA512

d5b000c1622d9cfb21adca877e54f01a7fc63fb2ea6d776eb59abd4a457a04371dab914cf8f1d23fe146e08d430e438ab2bb67f91b3bcacf91b28dcd82b493cb

Score

10^/10

macro

Static task

static1

Behavioral task

behavioral1

Sample

2761395201.xls

Resource

win7v200430

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2761395201.xls

Resource

win10v200430

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://office-services-sec.com/crimea.ps1

Targets

- Target
  
  2761395201.xls
- Size
  
  1.8MB
- MD5
  
  a17e5c6d0278bc25eb69a5b39a902372
- SHA1
  
  34c74a1ee53e94fd1b782af2a21c38af6cca760c
- SHA256
  
  3b137cbbd7a33bbed25b28a49a7d05ede977ad0e8cf586873bbafcfe375ec699
- SHA512
  
  d5b000c1622d9cfb21adca877e54f01a7fc63fb2ea6d776eb59abd4a457a04371dab914cf8f1d23fe146e08d430e438ab2bb67f91b3bcacf91b28dcd82b493cb
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blacklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy