General

  • Target

    029f9f0e3f72f1e132393e05a65c163924ad93fdd1fa90565711d488a13c530d.xls

  • Size

    92KB

  • Sample

    240520-y4s69aff74

  • MD5

    c7850d198983d794fd3c109f8d1a57ae

  • SHA1

    9a9cc6ee0ac4b7a35598c386bc04998f5e37a864

  • SHA256

    029f9f0e3f72f1e132393e05a65c163924ad93fdd1fa90565711d488a13c530d

  • SHA512

    7d7a40c1e86f5eed757bd3cef7537ee2d298eafeafe84e23d0c84dad4b6c733bf71abfcf9a8960354706189438c7a9b3d83fe2e382efe0beb096716b85a5b282

  • SSDEEP

    1536:3k3hOdsylKlgryzc4bNhZFGzE+cL2knAfiCaikW3ixhZFaRRGjx0BT0TR0SHx/Ua:3k3hOdsylKlgryzc4bNhZFGzE+cL2knt

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://i.cubeupload.com/1MDiPJ.jpg

Targets

    • Target

      029f9f0e3f72f1e132393e05a65c163924ad93fdd1fa90565711d488a13c530d.xls

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
