dc7443935ed909e177df4ee104aa44d63ae47cf482b2d03fe0cff0bc3a1fbfc7 | Triage

Sharing

General

Target

NUEVO PEDIDO - CF0002.xlam.xlsx
Size

624KB
Sample

230815-pxcq9aag67
MD5

5689ad77747f797c7fce700583f816a4
SHA1

0c50fdc9f2e15c8a08c55d4eb4677282e544de4d
SHA256

dc7443935ed909e177df4ee104aa44d63ae47cf482b2d03fe0cff0bc3a1fbfc7
SHA512

6a139d6f80025b4a1518a7178e47366c0176e1e6a73017cb044380ab51a06aaab80e7d2f69d25d673abf463cdf2abe03dc4e1beb6c59926fe4a3afc90da33cd2
SSDEEP

12288:ITIKpW2H8A00G0lx3dgcxaCnF/FrIVN7CbT3AR3fkO15GrnxV60fus/y2:EIKpW2H8A/b3aK5IRfDdCl/y2

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

exe.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

Targets

- Target
  
  NUEVO PEDIDO - CF0002.xlam.xlsx
- Size
  
  624KB
- MD5
  
  5689ad77747f797c7fce700583f816a4
- SHA1
  
  0c50fdc9f2e15c8a08c55d4eb4677282e544de4d
- SHA256
  
  dc7443935ed909e177df4ee104aa44d63ae47cf482b2d03fe0cff0bc3a1fbfc7
- SHA512
  
  6a139d6f80025b4a1518a7178e47366c0176e1e6a73017cb044380ab51a06aaab80e7d2f69d25d673abf463cdf2abe03dc4e1beb6c59926fe4a3afc90da33cd2
- SSDEEP
  
  12288:ITIKpW2H8A00G0lx3dgcxaCnF/FrIVN7CbT3AR3fkO15GrnxV60fus/y2:EIKpW2H8A/b3aK5IRfDdCl/y2
Score

10^/10
- Blocklisted process makes network request
- Drops startup file
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2