General

  • Target

    anmodning om citat_1.xls

  • Size

    1.3MB

  • Sample

    230426-r75wwsbh2y

  • MD5

    22557bcb606e70913b7d4a9499315174

  • SHA1

    5a04cece274ce7d09f171fd72296f1e5d7102045

  • SHA256

    7a69e09e7d6fa78034070f5ea2535d4676299925cb0ffa60657eaa75b814708a

  • SHA512

    e9b7f229d7ece49b0986c45b047743cad7de6a127ce4a9fc9bc5d3b61e3927f8859b7808b376e808bdb529355052bcc7d850a4569805a6ef57fb3e9ea0960321

  • SSDEEP

    24576:4LKH6D4bt5kFZLIfGSO8EKXwjvFbV6bUlvfJT6:4LKHKFZmGSzEfVaOvB2

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks