General

  • Target

    New Reservation-BH-PVT-2311-00928.xlam.xlsx

  • Size

    601KB

  • Sample

    231012-s6gncahd8z

  • MD5

    46bfbe02f7cb2b76d499eedb72c4abd6

  • SHA1

    94b5c040984ea5fdd2cce2d40e3b20da925c5bfd

  • SHA256

    6e28e3164c20ecdf26ce722881ae7dec325c63cfa2effbb3484f62ecb1dd85d5

  • SHA512

    4745488cd89b76d3ddadcc1c7c696ea79c273e53ea5181ea3839fc169df40ca1d90560dd55de3d0f5cc84b4130d5641286069168b2810aba68c490eb14e7b8f9

  • SSDEEP

    12288:hxnWclLtGf4wfDBI3S6wI7Jnr0/7wIa4LV4dqLDFTgRdWCuOs:/htGf4GBftINno7aU3LxTgsOs

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

exe.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

Targets

    • Target

      New Reservation-BH-PVT-2311-00928.xlam.xlsx

    Score
    10/10
    • Blocklisted process makes network request

    • Drops file in System32 directory
