General

  • Target

    Novi poredak_HR-WJO-09-10.xlam

  • Size

    598KB

  • Sample

    231010-nl4vxsfa92

  • MD5

    0d7bb55b744e2a0288f435a3906fbf5a

  • SHA1

    bf23fe35a8c6b921db48e8e99946e75f2703bf05

  • SHA256

    0d8fdbed57df9891654aed593b5728235eb417aaf1291ff5b06ea266dfb234b6

  • SHA512

    c04c201a596035821d5241cb96ed5bfdfcff30d04ef3751941ad8ce670c05ab02fbac12705aae5eb266f3585f88742c20ad6b39824691bf8ee51a3beea3285cb

  • SSDEEP

    12288:fis81hz6LqL4JLsVlXjirRX7ABvLCjO5MaQRD4hXfV:fis8zz6Lk4JYVlOrRrgvWjOLmDkPV

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

exe.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

Targets

    Score
    10/10
    • Blocklisted process makes network request

    • Drops file in System32 directory
