General

  • Target

    PO0124.xls

  • Size

    497KB

  • Sample

    240124-jspmcsddcr

  • MD5

    88018e2dd9271a0c2eaf779c6b788520

  • SHA1

    73a87514d24b9a90635badc789727275ff2bf699

  • SHA256

    9fe05d334025c4de61b85916e3575acfa5e672b5e689a930e69a7a9050703abf

  • SHA512

    9a0408115617883b7d3a029b7c6d7bf934fd556e7ec1ac2ffa80a21bc1c78862d0f127ac3acca865d10f9bf7898d5a4619a591c7bc950f9a46fcbc547ca4868f

  • SSDEEP

    12288:PSN9BC6uEkaQpozwjTqCfgfSLMS73tw84Jqmwyz36NQgJv:Aw6sOWWCfgfo3tr4JqmwyzqNlv

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://wallpapercave.com/uwp/uwp4228677.png

exe.dropper

https://wallpapercave.com/uwp/uwp4228677.png

Targets

    • Target

      PO0124.xls

    Score
    10/10
    • Blocklisted process makes network request

    • Abuses OpenXML format to download file from external location

    • Drops file in System32 directory
