9b25f1b5b77466f9bd0e8b3f69cf5b5ec10dd5691a59767e5d8ae34f226a4a7f | Triage

Submit
Reports

Overview

overview

Static

static

1

7030200100.xls

windows7-x64

7030200100.xls

windows10-2004-x64

1

Sharing

General

Target

7030200100.xls
Size

1.0MB
Sample

231006-rnyy8seg69
MD5

db838e896fe65e782fde6004f549d93d
SHA1

934e383c200be732053ff5eb47bbd815c3ca2576
SHA256

9b25f1b5b77466f9bd0e8b3f69cf5b5ec10dd5691a59767e5d8ae34f226a4a7f
SHA512

3f27b47b710237ec605d4fa85f2067749e58e86f414cb41457fc4121a81c82905d53fa9575578c60a51099e11412aba918aebd033ae75e137d369a8c2552c332
SSDEEP

24576:PX8DK69PFoheP1QPHwLFRkLFR8/fFX0wv4knkL9kmJZODqcx2X:4L9Nohy1QP4K+4kkLCd

Score

10^/10

Static task

static1

Behavioral task

behavioral1

Sample

7030200100.xls

Resource

win7-20230831-en

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

7030200100.xls

Resource

win10v2004-20230915-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

exe.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

Targets

- Target
  
  7030200100.xls
- Size
  
  1.0MB
- MD5
  
  db838e896fe65e782fde6004f549d93d
- SHA1
  
  934e383c200be732053ff5eb47bbd815c3ca2576
- SHA256
  
  9b25f1b5b77466f9bd0e8b3f69cf5b5ec10dd5691a59767e5d8ae34f226a4a7f
- SHA512
  
  3f27b47b710237ec605d4fa85f2067749e58e86f414cb41457fc4121a81c82905d53fa9575578c60a51099e11412aba918aebd033ae75e137d369a8c2552c332
- SSDEEP
  
  24576:PX8DK69PFoheP1QPHwLFRkLFR8/fFX0wv4knkL9kmJZODqcx2X:4L9Nohy1QP4K+4kkLCd
Score

10^/10
- Blocklisted process makes network request
- Abuses OpenXML format to download file from external location
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy