General

  • Target

    1f3b7f3ad8b73e19d81f88cf2a6f78e99bb92d4192dc9e73ae5a571e42a2daea_JC.xlsx

  • Size

    636KB

  • Sample

    230930-nzyk3acf95

  • MD5

    fd2c52c8a3fdfd8015400a1ec02b8648

  • SHA1

    dbeff047a9094f2e684802740cd88b4dec1b926d

  • SHA256

    1f3b7f3ad8b73e19d81f88cf2a6f78e99bb92d4192dc9e73ae5a571e42a2daea

  • SHA512

    ec06dddf0e33b5a2148c7f490ce4f8d449e9da8f5ab9b273b9e05935c1f2912758723873c614c8264551429c8ad4d006240a2f3061582d886f2553177d6b82d5

  • SSDEEP

    12288:GDVkMXcEZ1EE9z64BpZrmSPq+LllMSLh4/yAumAkwpTu/nMkPpU2b:6VMErEE9z6apZrmELPV6pu/kuC/nM0Zb

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

    exe.dropper

    https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

Targets

    Score
    10/10
    • Blocklisted process makes network request

    • Drops file in System32 directory
