General

  • Target

    f962a9c0e967d4f9fc7124a6482bdfb5e74b1a375414ce57a811a43f1819219f

  • Size

    688KB

  • Sample

    240801-z1nyss1are

  • MD5

    a565f70c281d69929bbb34a076b97d02

  • SHA1

    29647b98094aa1ceeb7cf93eabda4f822e2c04aa

  • SHA256

    f962a9c0e967d4f9fc7124a6482bdfb5e74b1a375414ce57a811a43f1819219f

  • SHA512

    fcce0738ad80c9d456a1a834910c3a8c3aacfd504a3e54d5d1ee76570a8cbaeb5fbc5f92132fab1e838c33631eafd963d60590b740d085c75866b1a84475041f

  • SSDEEP

    12288:zHV20QbAz7iIDgk1H772OlcFkBlShBSLZAOMl6+Z94pqVALZA6Ejsbw0:zoQxd7HBlkBtOKz94ewZA6UsE0

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

exe.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

Targets

    • Target

      f962a9c0e967d4f9fc7124a6482bdfb5e74b1a375414ce57a811a43f1819219f

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • Drops file in System32 directory
