dfa326f34e1cee79084e2b095c75b37ba6005a78fd63f9e96d3f6baa340aa4de | Triage

Submit
Reports

Overview

overview

Static

static

1

dfa326f34e...e.xlam

windows7-x64

dfa326f34e...e.xlam

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

Target

dfa326f34e1cee79084e2b095c75b37ba6005a78fd63f9e96d3f6baa340aa4de.xlsx
Size

632KB
Sample

240802-cyzaes1apq
MD5

fedda7e243aef236425384a981433e98
SHA1

95b33d7f3636a4dcd1ffab18473ab1ee133130fa
SHA256

dfa326f34e1cee79084e2b095c75b37ba6005a78fd63f9e96d3f6baa340aa4de
SHA512

0f00936a852ccef6535fd020c3eca664025317a941e30c44a842cf431570cfbd1548b45ad83e9527aad308b7c88d4fa910b29aba1653f24470eb8b7f6358d2da
SSDEEP

12288:7TXiFNfTMlXPPGZQdqY0Zp0I6IAjwX917OVWb8/CgU5SThVHY4nX+bPBxN34Kq2H:7jgTK/P3qbp0I6IAjsuqMd1Y4n0Lq2eE

Score

10^/10

discovery execution

Static task

static1

Behavioral task

behavioral1

Sample

dfa326f34e1cee79084e2b095c75b37ba6005a78fd63f9e96d3f6baa340aa4de.xlam

Resource

win7-20240708-en

discovery execution

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

dfa326f34e1cee79084e2b095c75b37ba6005a78fd63f9e96d3f6baa340aa4de.xlam

Resource

win10v2004-20240730-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

exe.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

Targets

- Target
  
  dfa326f34e1cee79084e2b095c75b37ba6005a78fd63f9e96d3f6baa340aa4de.xlsx
- Size
  
  632KB
- MD5
  
  fedda7e243aef236425384a981433e98
- SHA1
  
  95b33d7f3636a4dcd1ffab18473ab1ee133130fa
- SHA256
  
  dfa326f34e1cee79084e2b095c75b37ba6005a78fd63f9e96d3f6baa340aa4de
- SHA512
  
  0f00936a852ccef6535fd020c3eca664025317a941e30c44a842cf431570cfbd1548b45ad83e9527aad308b7c88d4fa910b29aba1653f24470eb8b7f6358d2da
- SSDEEP
  
  12288:7TXiFNfTMlXPPGZQdqY0Zp0I6IAjwX917OVWb8/CgU5SThVHY4nX+bPBxN34Kq2H:7jgTK/P3qbp0I6IAjsuqMd1Y4n0Lq2eE
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

© 2018-2025

Terms | Privacy