General
Target: wtf.xlsb
Size: 66KB
Sample: 210416-1pvmlpjz6n
MD5: 737f89da37437a70062111ad8ad73e66
SHA1: 5ea2e0c8c4be4316f6b3c6fdb726712eb544173e
SHA256: 06cca99c7276b0900994160df03abf629a26a97f73da9e327ea775d19d7bb305
SHA512: ed4144114177ff748cd74c0090fb6649e7ec3cb0a72360c5a1b8717f1d4b40f93ed1d629773da65539eb5f446e9c7d21c8dea8713b41286823acb961aec30dc1
Static task: static1
Behavioral task: behavioral1
Sample: wtf.xlsb
Resource: win7v20210410
Behavioral task: behavioral2
Sample: wtf.xlsb
Resource: win10v20210408
Malware Config
Targets
Target: wtf.xlsb
Score: 10/10
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
- Guloader Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Use of msiexec (install) with remote resource
- Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.