General

  • Target

    P018400.xla

  • Size

    557KB

  • Sample

    240213-qqwffscc24

  • MD5

    e9ff33ad374e8c0a52fac68e8e9c4fa1

  • SHA1

    6756634e8cec1f0679ad3b79b64de21497ad8e55

  • SHA256

    46e9f5dc33458a0c7333508cf6c03b3e298217507b52fcc54d1d43b26488e2c6

  • SHA512

    049b4021a8ddcd28e175d429551c6e0e2d20f0cae1f75d6ab16915d224d0837c85cab84d7b09c6ff7312f4d5801f1cdead4ed9657d27f26d1be6dd4a713045b2

  • SSDEEP

    12288:yTkbSEXMcbNedomzED+vw3bVqLMIlesc4LSvIip6qDt0:RSSMMednED+43bVCeJ46ISLt

Score
8/10

Targets

    • Target

      P018400.xla

    • Blocklisted process makes network request

    • Abuses OpenXML format to download file from external location

    • Drops file in System32 directory
