fdb06318c6aeff1ecb89b2b6f07ff18b88c8af5647101be0af938f1c00369d3d | Triage

Submit
Reports

Overview

overview

Static

static

1

Bank Payme...c.xlam

windows7-x64

Bank Payme...c.xlam

windows10-2004-x64

1

Sharing

General

Target

Bank Payment Copy for Invoice No. 202308460.doc.xlam
Size

599KB
Sample

231011-hyvvwsbb34
MD5

5c89bc42ee54df2b5a0e40f4e28ca03b
SHA1

f26bd8415929af792ccbbd27c82a49afd732bc58
SHA256

fdb06318c6aeff1ecb89b2b6f07ff18b88c8af5647101be0af938f1c00369d3d
SHA512

919b21ef93b171c7961788c01731018edc180b2c5efb4ae494dc32612bb952e9b34530ae5723cbd11f53175f0e5da42d41d8f3b9115c88124e2541a480608f62
SSDEEP

12288:P/QL+0bJiSxY+p+5Oe7KCYOEFgxR8RfmZY818QtiQBIgMJxL:XcICw5vmNO0k8YZQkIgoL

Score

10^/10

Static task

static1

Behavioral task

behavioral1

Sample

Bank Payment Copy for Invoice No. 202308460.doc.xlam

Resource

win7-20230831-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Bank Payment Copy for Invoice No. 202308460.doc.xlam

Resource

win10v2004-20230915-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

exe.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

Targets

- Target
  
  Bank Payment Copy for Invoice No. 202308460.doc.xlam
- Size
  
  599KB
- MD5
  
  5c89bc42ee54df2b5a0e40f4e28ca03b
- SHA1
  
  f26bd8415929af792ccbbd27c82a49afd732bc58
- SHA256
  
  fdb06318c6aeff1ecb89b2b6f07ff18b88c8af5647101be0af938f1c00369d3d
- SHA512
  
  919b21ef93b171c7961788c01731018edc180b2c5efb4ae494dc32612bb952e9b34530ae5723cbd11f53175f0e5da42d41d8f3b9115c88124e2541a480608f62
- SSDEEP
  
  12288:P/QL+0bJiSxY+p+5Oe7KCYOEFgxR8RfmZY818QtiQBIgMJxL:XcICw5vmNO0k8YZQkIgoL
Score

10^/10
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy