General

  • Target

    PO_7736372 xls.xla

  • Size

    74KB

  • Sample

    231030-glk99ada56

  • MD5

    6950d76ba2aa907864c44818db028ab0

  • SHA1

    1fc8d047c5b87cd9c0acf2eb91cb4c2495335ff1

  • SHA256

    56edd334b21edd4b661a370d40e5134f848786eeceb748c838bb36948fda4366

  • SHA512

    1b603b463b40636a1fd5eaf57bd0378e215b856f6bc90024b0499407ec9c7725394ddf19218c028132b4bfa8c638cece033e36f02a7397dd657a3d5556131670

  • SSDEEP

    1536:AKt9+CX2UVnxMm7W/jI8q7siMkoRBwImV5zXOHvhR:AKt0fUdyrI8Bpko7lmV5qH

Score
10/10

Malware Config

  • Extracted

    Language: ps1

  • Deobfuscated URLs

    ps1.dropper: https://wallpapercave.com/uwp/uwp4098462.png

    exe.dropper: https://wallpapercave.com/uwp/uwp4098462.png

Targets

    • Blocklisted process makes network request

    • Abuses OpenXML format to download file from external location

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks