General

  • Target

    17916438c51dd0a751f38bf2a1994cc2f84ade18b29a0b8bbe2f359d80e59125

  • Size

    134KB

  • Sample

    240516-c5837sgg61

  • MD5

    7ef9e790fee4e0dcbd51cff019979d76

  • SHA1

    d2ad0e091ba9614f2d7c941ed9aebfc382fa51b1

  • SHA256

    17916438c51dd0a751f38bf2a1994cc2f84ade18b29a0b8bbe2f359d80e59125

  • SHA512

    2bade99c1b9010cf199565142abfa939ab2ea03fb237032f20c184af6d508fe0b56c213f12df94f55e8ab6b82d7624d47608440938ac0b600fac1ad7ed49b8c0

  • SSDEEP

    3072:r2Q+A64l7VX1TnRrpXJ0eQm02RxHFk3hOdsylKlgryzc4bNhZFGzE+cL2knmMRfV:r2Q+A64l7VX1TnRrpXJ0eQm02RxHFk3t

Malware Config

Targets

    • Target

      17916438c51dd0a751f38bf2a1994cc2f84ade18b29a0b8bbe2f359d80e59125

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks