778e84fab456349fe5c466c16c931446fe3e7b2c76fd89d3a3372f9b75eaa5a1 | Triage

Submit
Reports

Overview

overview

Static

static

1

ORDER 64534.xla.xls

windows7-x64

ORDER 64534.xla.xls

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

Target

ORDER 64534.xla.xlsx
Size

834KB
Sample

230903-rnzwjaah52
MD5

d3457cfb99ec4b92e018fc215eec78d6
SHA1

d54d555220ceee449bb1735cd269d6ef38720949
SHA256

778e84fab456349fe5c466c16c931446fe3e7b2c76fd89d3a3372f9b75eaa5a1
SHA512

4fa085df5dff865dc39e6b9ea7e61f53d28bbc6f06388d576846374f8fde1d23ba060ae4d6d9f57ccb3353a74c3a5c996b9db85a4b761b085e65e9bcd2185380
SSDEEP

24576:cWQmmav30xJZy/w6V06NCsREWn4bXXvbiksrYpU1Uzw:xQmmQ30Br6VFg247fbJZUms

Score

10^/10

Static task

static1

Behavioral task

behavioral1

Sample

ORDER 64534.xla.xls

Resource

win7-20230831-en

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

ORDER 64534.xla.xls

Resource

win10v2004-20230831-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/583/411/original/hta.jpg?1692658229

exe.dropper

https://uploaddeimagens.com.br/images/004/583/411/original/hta.jpg?1692658229

Targets

- Target
  
  ORDER 64534.xla.xlsx
- Size
  
  834KB
- MD5
  
  d3457cfb99ec4b92e018fc215eec78d6
- SHA1
  
  d54d555220ceee449bb1735cd269d6ef38720949
- SHA256
  
  778e84fab456349fe5c466c16c931446fe3e7b2c76fd89d3a3372f9b75eaa5a1
- SHA512
  
  4fa085df5dff865dc39e6b9ea7e61f53d28bbc6f06388d576846374f8fde1d23ba060ae4d6d9f57ccb3353a74c3a5c996b9db85a4b761b085e65e9bcd2185380
- SSDEEP
  
  24576:cWQmmav30xJZy/w6V06NCsREWn4bXXvbiksrYpU1Uzw:xQmmQ30Br6VFg247fbJZUms
Score

10^/10
- Blocklisted process makes network request
- Abuses OpenXML format to download file from external location
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy