8fca4b63efc76e4efff30a87a9bebeba447a01738f9732fc87fa14a7659e9671 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

8fca4b63ef...71.xls

windows7-x64

7

8fca4b63ef...71.xls

windows10-2004-x64

6

Sharing

General

Target

8fca4b63efc76e4efff30a87a9bebeba447a01738f9732fc87fa14a7659e9671
Size

338KB
Sample

240725-1tjaeaxckr
MD5

536cd515cdd7cf841099d71511a1936c
SHA1

5cf8b2e8feaeb44e761f25ffeef544a5c542df10
SHA256

8fca4b63efc76e4efff30a87a9bebeba447a01738f9732fc87fa14a7659e9671
SHA512

6b74d7cdd069be493eb9b1e4563387302dc2782272e8f1e7accef93bd7a0c50f56325d6b8756c6615bd803075ae8dbc7c74777f2f0c618eabf8cbb7d7f1ed2aa
SSDEEP

6144:rXPW13kUWYCmKofZzxSOk3hOdsylKlgryzc4bNhZF+E+W/gEMBtBHZDiUy4IusV1:rfW10PCZBzxSKTB5By4I7L

Score

8^/10

discovery macro macro_on_action upx

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

8fca4b63efc76e4efff30a87a9bebeba447a01738f9732fc87fa14a7659e9671.xls

Resource

win7-20240708-en

windows7-x64

10 signatures

60 seconds

Behavioral task

behavioral2

Sample

8fca4b63efc76e4efff30a87a9bebeba447a01738f9732fc87fa14a7659e9671.xls

Resource

win10v2004-20240709-en

windows10-2004-x64

7 signatures

60 seconds

Malware Config

Targets

- Target
  
  8fca4b63efc76e4efff30a87a9bebeba447a01738f9732fc87fa14a7659e9671
- Size
  
  338KB
- MD5
  
  536cd515cdd7cf841099d71511a1936c
- SHA1
  
  5cf8b2e8feaeb44e761f25ffeef544a5c542df10
- SHA256
  
  8fca4b63efc76e4efff30a87a9bebeba447a01738f9732fc87fa14a7659e9671
- SHA512
  
  6b74d7cdd069be493eb9b1e4563387302dc2782272e8f1e7accef93bd7a0c50f56325d6b8756c6615bd803075ae8dbc7c74777f2f0c618eabf8cbb7d7f1ed2aa
- SSDEEP
  
  6144:rXPW13kUWYCmKofZzxSOk3hOdsylKlgryzc4bNhZF+E+W/gEMBtBHZDiUy4IusV1:rfW10PCZBzxSKTB5By4I7L
Score

7^/10

discovery upx
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

© 2018-2024

Terms | Privacy