General

  • Target

    Contract 11-06-24.xls

  • Size

    385KB

  • Sample

    240613-ljrfpsxarl

  • MD5

    c90749a2cd8d7a8ad0cbfa64fb2d8691

  • SHA1

    9b316d0f43d95866ba01d044c8addab2b0f7a75f

  • SHA256

    30afcb4d640f9e65da53f556cce02c5adf233e719404e0fded38f62595110069

  • SHA512

    1353d71ee9c86ee1a05b05be98808bb2e2be6b37877dfc0aae37d5bf80fb5bc93ed11da02ff2d2bf3b10512442b993dba37854fdf772faa01ed6b969580a7dd4

  • SSDEEP

    12288:5SNyZT66NCLo6IeIorxc+jMZuKC+kT+2uo:N66NCs8tasJKC+kb7

Score
8/10

Malware Config

Targets

    • Target

      Contract 11-06-24.xls

    • Size

      385KB

    Score
    8/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Abuses OpenXML format to download file from external location

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
