e31f2c0dc3d83adc49c85d60876825d5591bb398472d101d179eeff7dbf89952 | Triage

Submit
Reports

Overview

overview

Static

static

8

OrderXInquiry.xla.xls

windows7-x64

OrderXInquiry.xla.xls

windows10-2004-x64

1

Sharing

General

Target

OrderXInquiry.xla.xlsx
Size

249KB
Sample

231212-jbtjzsghfr
MD5

9f0fedb5a159b247d698fe525fa42b71
SHA1

1d466b66435f85871baf84e16bf476be7622dbb5
SHA256

e31f2c0dc3d83adc49c85d60876825d5591bb398472d101d179eeff7dbf89952
SHA512

f0fbaf804fa00ecceadac64ea36f88956bc74df139e6d571e96585eaaf57450d2cd89d3fce4048221f2b74b492259d5ad10c89d8723349c23833670778d04a9a
SSDEEP

6144:vY35qAOJl/YrLYz+WrNhZF+E+fgL+0dD8ivSbVZvMIXeYueFZ1Ddb4P6gfGmqEqE:y3bVZvMIXNFZddb46pmV0Af

Score

10^/10

macro xlm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

OrderXInquiry.xla.xls

Resource

win7-20231023-en

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

OrderXInquiry.xla.xls

Resource

win10v2004-20231130-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/686/431/original/dll_vbe.jpg?1702073941

exe.dropper

https://uploaddeimagens.com.br/images/004/686/431/original/dll_vbe.jpg?1702073941

Targets

- Target
  
  OrderXInquiry.xla.xlsx
- Size
  
  249KB
- MD5
  
  9f0fedb5a159b247d698fe525fa42b71
- SHA1
  
  1d466b66435f85871baf84e16bf476be7622dbb5
- SHA256
  
  e31f2c0dc3d83adc49c85d60876825d5591bb398472d101d179eeff7dbf89952
- SHA512
  
  f0fbaf804fa00ecceadac64ea36f88956bc74df139e6d571e96585eaaf57450d2cd89d3fce4048221f2b74b492259d5ad10c89d8723349c23833670778d04a9a
- SSDEEP
  
  6144:vY35qAOJl/YrLYz+WrNhZF+E+fgL+0dD8ivSbVZvMIXeYueFZ1Ddb4P6gfGmqEqE:y3bVZvMIXNFZddb46pmV0Af
Score

10^/10
- Blocklisted process makes network request
- Abuses OpenXML format to download file from external location
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy