General

  • Target

    948623f268bfd3b32065be69c00459b70a8ccce8197344edcb7a625ae6f3064a

  • Size

    20KB

  • Sample

    221130-thjcpsec89

  • MD5

    9f74302910106a5ed67ea6b0ba56381e

  • SHA1

    e46678b1c96fb5f2b9a62a31d25514f5f0458746

  • SHA256

    948623f268bfd3b32065be69c00459b70a8ccce8197344edcb7a625ae6f3064a

  • SHA512

    4f1831aa6563ebadc90e0329f70f4d898dcf5a4ecf2466744ac5bddce410eb898129837ff0f4184074ea178ae271ba56f9d5f62801c2018d78c22eb3b28479ae

  • SSDEEP

    384:4FhW90ydqrMv0Y4XPgmhDAZjdKv1lgcFV9ChVtnBe:MN4vx4XNDAXKtlgcwPnA

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    http://fast-cargo.com/images/file/3.exe

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Modify Registry (T1112)

    1

Discovery

  • Query Registry (T1012)

    2

  • System Information Discovery (T1082)

    2

Tasks