General

  • Target

    PO_371_50_37.xls

  • Size

    396KB

  • Sample

    210313-ergtac7nlx

  • MD5

    dd94071fbb3459fb33069767de531441

  • SHA1

    5203fa48ba79e3626bcec7ecf3c1838c484760ef

  • SHA256

    d7a4a7c4bced1b93c3bf1252ef98ccfd1129452a675633349f5f98d3c968df37

  • SHA512

    d96e8fb052ffadee0961ff6fca2649066a81a02a3a4dee763e89d98b77cbd11faf15fa8a83b3c72e68d02284ee7dcd4a93f675a3f1da87a89d4c5f6a89fd64d8

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: https://bit.ly/2OQ9elm

Targets

    • Target

      PO_371_50_37.xls

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
