General

  • Target

    İşlem makbuzu.xls

  • Size

    1.2MB

  • Sample

    200714-q5gbzphyhj

  • MD5

    e1ad40565ca903516bd05ba7fda11572

  • SHA1

    37da3e979b21cf1cfce1caf621e87e4976d85c39

  • SHA256

    bc931d7664aeaef451ee7a596031259b24fc48772e624e2d7bf0e18c094551ef

  • SHA512

    ac66861c96ee0608e4a931121f0edf9bd89937998d0899711f4385c8a33b0b6535643f3000da063bd8cfdd6c1f5826a7e632ca00085e3fdbd73b25622da4b4b4

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

http://ahjuric.si/Code.txt

Targets

    • Target

      İşlem makbuzu.xls

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request
