3f1e3be90faad6ec87e3c7db24ed061fad4d2548f747b8e68a7f15c26d10a58b | Triage

Submit
Reports

Overview

overview

Static

static

8

3f1e3be90f...8b.xls

windows7-x64

3f1e3be90f...8b.xls

windows10-2004-x64

Sharing

General

Target

3f1e3be90faad6ec87e3c7db24ed061fad4d2548f747b8e68a7f15c26d10a58b
Size

68KB
Sample

240801-z42daswfrk
MD5

97db240cfb4fde1ed5afef0680b9bd77
SHA1

fa58fbbbc902082a64af59ea5d693caed7eddaff
SHA256

3f1e3be90faad6ec87e3c7db24ed061fad4d2548f747b8e68a7f15c26d10a58b
SHA512

c9e0179f956e8c10e12f1ed9eddd324308b5c2ecab31bcb59b1a1787ddfe90bd339140ad1f394363e44cfcad7c6141071f35d2870231fcec63ceedfe5cab5682
SSDEEP

1536:f9hWk3hbd9382I6/4vw+Wtu5CEUEmfgPfQ6r0DnUD/PkkSgn84lH4wpvZjkkU3J+:f9hWk3hbd9382I6/4vw+Wtu5CEUEmfgH

Score

10^/10

discovery macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

3f1e3be90faad6ec87e3c7db24ed061fad4d2548f747b8e68a7f15c26d10a58b.xls

Resource

win7-20240704-en

windows7-x64

13 signatures

60 seconds

Behavioral task

behavioral2

Sample

3f1e3be90faad6ec87e3c7db24ed061fad4d2548f747b8e68a7f15c26d10a58b.xls

Resource

win10v2004-20240730-en

macro macro_on_action

windows10-2004-x64

13 signatures

60 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://tmpfiles.org/dl/10333590/exploit.jpg

Targets

- Target
  
  3f1e3be90faad6ec87e3c7db24ed061fad4d2548f747b8e68a7f15c26d10a58b
- Size
  
  68KB
- MD5
  
  97db240cfb4fde1ed5afef0680b9bd77
- SHA1
  
  fa58fbbbc902082a64af59ea5d693caed7eddaff
- SHA256
  
  3f1e3be90faad6ec87e3c7db24ed061fad4d2548f747b8e68a7f15c26d10a58b
- SHA512
  
  c9e0179f956e8c10e12f1ed9eddd324308b5c2ecab31bcb59b1a1787ddfe90bd339140ad1f394363e44cfcad7c6141071f35d2870231fcec63ceedfe5cab5682
- SSDEEP
  
  1536:f9hWk3hbd9382I6/4vw+Wtu5CEUEmfgPfQ6r0DnUD/PkkSgn84lH4wpvZjkkU3J+:f9hWk3hbd9382I6/4vw+Wtu5CEUEmfgH
Score

10^/10

discovery macro macro_on_action
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Office macro that triggers on suspicious action
  Office document macro which triggers in special circumstances - often malicious.
  macro macro_on_action
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

macromacro_on_action

© 2018-2024

Terms | Privacy