General

  • Target

    199ffd0fff0f775af18b18fc842306aa0b53a45a0cd6c354dfd5fe32e6c507c2

  • Size

    430KB

  • Sample

    240626-bn55jsycpl

  • MD5

    4501168146bcf9b5488231abb95e7ccf

  • SHA1

    5194f32f497272a14fb4dd184427a1674375ca26

  • SHA256

    199ffd0fff0f775af18b18fc842306aa0b53a45a0cd6c354dfd5fe32e6c507c2

  • SHA512

    473c1a0891ae2c951adbdc911cf8e66318e6ffb001f7f8f5df8f1c65d2949da6d6a5db2bc387e810abe025dc4ad21bb147a3b21796e4729a579c96ec9fac811f

  • SSDEEP

    12288:sn8XQu7SHOCZhSTIS2dGpeWpqivD1YxR25O8U3:sVwarmMSAGMID1R5Ot3

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

MITRE ATT&CK Enterprise v15

Tasks