807a4939c263c7dac20c558e287011049b23dc998c3dcbf8efb897b25b3bcf26 | Triage

Submit
Reports

Overview

overview

Static

static

1

NUEVO PEDI...4.xlam

windows7-x64

NUEVO PEDI...4.xlam

windows10-2004-x64

1

Sharing

General

Target

NUEVO PEDIDO - AM0004.xlam.xlsx
Size

635KB
Sample

231007-janbksca93
MD5

76b8e770e43a86225100af1d6c453db4
SHA1

4d26cba976150a545fdc69952fe6313882de2534
SHA256

807a4939c263c7dac20c558e287011049b23dc998c3dcbf8efb897b25b3bcf26
SHA512

f1017081dd07eb06fd05d6a74ded64882eacfbe64f707c640765fdc9f5098b880cdfee351d1bf0e79888aaa9adb269c9e2bfbf44d44175d702bb31b1db453440
SSDEEP

12288:15i06UfOHz1KSEW/z4vIArAVtUL2ThnvHkhyqgwsgU1jJB9NzsWhxI+9C:fUdEWEvIAkML2TRHkZlEb/Nzs/iC

Score

10^/10

Static task

static1

Behavioral task

behavioral1

Sample

NUEVO PEDIDO - AM0004.xlam

Resource

win7-20230831-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

NUEVO PEDIDO - AM0004.xlam

Resource

win10v2004-20230915-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

exe.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

Targets

- Target
  
  NUEVO PEDIDO - AM0004.xlam.xlsx
- Size
  
  635KB
- MD5
  
  76b8e770e43a86225100af1d6c453db4
- SHA1
  
  4d26cba976150a545fdc69952fe6313882de2534
- SHA256
  
  807a4939c263c7dac20c558e287011049b23dc998c3dcbf8efb897b25b3bcf26
- SHA512
  
  f1017081dd07eb06fd05d6a74ded64882eacfbe64f707c640765fdc9f5098b880cdfee351d1bf0e79888aaa9adb269c9e2bfbf44d44175d702bb31b1db453440
- SSDEEP
  
  12288:15i06UfOHz1KSEW/z4vIArAVtUL2ThnvHkhyqgwsgU1jJB9NzsWhxI+9C:fUdEWEvIAkML2TRHkZlEb/Nzs/iC
Score

10^/10
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy