General
Target: document-37-1849.xls.ZIP
Size: 176KB
Sample: 210601-fpxsgwd8p2
MD5: 872f30683bd1528b251149fd61f3e2ba
SHA1: 68cfd5dcfe38fdc2e9eb353169c1d5acb09ce994
SHA256: 59de5c70ad1a5134fda141c933380bf1e55eb52e041ff37cf5394f8b9dcb5767
SHA512: 5665468bde8a378c7d84f44a20bfb97c812e59b038274f89d1449fb7c4231045fd902f6588984ffe1531fe0b4866fcba00e0a365d9bbcf3cf0e240fa563cc768
Static task: static1
Behavioral task: behavioral1
Sample: document-37-1849.xls
Resource: win7v20210408
Behavioral task: behavioral2
Sample: document-37-1849.xls
Resource: win10v20210410
Malware Config
Extracted
https://austinheisey.com/xls/black/index/processingSetRequestDownloadPayloader/?servername=excel
Targets
Target: document-37-1849.xls
Size: 187KB
MD5: c41a21a821bcdea1d3ab26ebef055eed
SHA1: 912c8c1792dd33bac263df4b71242078d74741e9
SHA256: d1d0ac76e59b9e2a8ae3a433e0186d74fc61417c89fe5ee4b93c02faa1dc58f8
SHA512: ed665e9a7d3e950318628ad4ea112da063e4f156ea7d2d58fbeaa31cc2486c7d2debb779da72723d8f55bdec6b9a4b87f9d148c50b0a368c4bc5b59ac646a42a
Score: 10/10
DoubleBack x64 Payload
DoubleBack x86 Payload
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL