General

  • Target

    476f9322d9d5011a29c655d29f5ebe5ab0bdf38c3490491b46fb43efac796301

  • Size

    134KB

  • Sample

    240517-e973tahf7w

  • MD5

    b7a3aa028067fd7c7e781a5a451fbbc2

  • SHA1

    34ec187027cfe5b922954473fed4f4693935bd64

  • SHA256

    476f9322d9d5011a29c655d29f5ebe5ab0bdf38c3490491b46fb43efac796301

  • SHA512

    70de2d12ef3b1709428a17b864cf50a9da99a6b58cffd757e7bd9242e33b5eab9c20068dc3ac62a4b6bc0db03526dc3022f638ae1ca1e44a3ed2ce8841e717f0

  • SSDEEP

    3072:s+Q+A64l7VX1TnRrpXJ0eQm02RxHFk3hOdsylKlgryzc4bNhZFGzE+cL2knmPRfv:s+Q+A64l7VX1TnRrpXJ0eQm02RxHFk3U

Malware Config

Targets

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v15

Tasks