279bf00b0c81ab8baeb09989215ad376377c40a3abd4358d041ec06746c986fe | Triage

Submit
Reports

Overview

overview

Static

static

8

invoice68684881.xls

windows7_x64

invoice68684881.xls

windows10_x64

Sharing

General

Target

invoice68684881.xls
Size

228KB
Sample

210119-m43jl86ghx
MD5

1a7cd8bd3fcf0b4a7f351a148dc7e40a
SHA1

e336117d94537924cf4ecef038231b29bafdf261
SHA256

279bf00b0c81ab8baeb09989215ad376377c40a3abd4358d041ec06746c986fe
SHA512

7fe9785c22a2be59dba2e7e8974a4c7196522c17e6a3ed6591af2354ee2a601defc6ff023575043063d9dcde1e37211c49aad3cfab71840d312b191ab89d7c63

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

invoice68684881.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

invoice68684881.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://cutt.ly/fjYtydH

Targets

- Target
  
  invoice68684881.xls
- Size
  
  228KB
- MD5
  
  1a7cd8bd3fcf0b4a7f351a148dc7e40a
- SHA1
  
  e336117d94537924cf4ecef038231b29bafdf261
- SHA256
  
  279bf00b0c81ab8baeb09989215ad376377c40a3abd4358d041ec06746c986fe
- SHA512
  
  7fe9785c22a2be59dba2e7e8974a4c7196522c17e6a3ed6591af2354ee2a601defc6ff023575043063d9dcde1e37211c49aad3cfab71840d312b191ab89d7c63
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy