General

  • Target

    dc315d85684bef88ed31414d0f9daec96a1898034bcdbc3d8afb3ea5835c1c36

  • Size

    138KB

  • Sample

    240516-bwjlhsed48

  • MD5

    651a4173be0c8d54db29745950e19a38

  • SHA1

    98bb70246ea88a5dabdb3fa3c37d1444cd8045b6

  • SHA256

    dc315d85684bef88ed31414d0f9daec96a1898034bcdbc3d8afb3ea5835c1c36

  • SHA512

    dd5c2cf312215a9434fe590af5e9f0c6e6d98a7d763dc71def62cc148021781f8f1cf60555aa53a5921a158fd2c40560a2d5fc1e51c6cd35c2a22821e48f4d7e

  • SSDEEP

    3072:7RQ+A64l7VX1TnRrpXJ0eQm02RxHFk3hOdsylKlgryzc4bNhZFGzE+cL2knmzd1N:7RQ+A64l7VX1TnRrpXJ0eQm02RxHFk30

Malware Config

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks