General

  • Target

    03286786476_formulario bancario.xlam.xlsx

  • Size

    658KB

  • Sample

    240810-jpt3ns1drn

  • MD5

    51e4c0064961c9c7d11422c8af4624c6

  • SHA1

    0765b35965e1e817cab7f1dac05d8a01e0962c75

  • SHA256

    41314659fc6539e493e75d1a0117f847edeb027c6274cbb0e829f38275a66746

  • SHA512

    ff8be749338dff2354bf1070b0b44f80222d47be864f2ecd77d838598ca30b3c99057995ae4d0739d07568edee5d7b40918e7b6b0a521b6f171ff3e790593a56

  • SSDEEP

    12288:/1fSSiZ7RZEN1HvkryB/UbzUQqnOERQ1W9LnD5hXWEBayEaUXNP2eDfHsZX:1SSiZ7R6KbzU38w5EEg9PhQ

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

exe.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

Targets

    • Target

      03286786476_formulario bancario.xlam.xlsx

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Drops file in System32 directory
