General

  • Target

    13082024_1636_13082024_OC 20240813.xlam

  • Size

    686KB

  • Sample

    240813-t4ampavanb

  • MD5

    cd4b6e491513b2e0e88a19c7ba588744

  • SHA1

    abdbd356a7daa493fcacaec8f17cde7f28e66a74

  • SHA256

    3b42145ff197762aaa66bc2f5f4f00b8d4adfac572874c6bcf751060dd7d7624

  • SHA512

    7931e15c5f2ac4903a2267aed493eeed9fc1479240d3e48a5af35e21d66ea572014216d3f09dbfd1f8d284ff9cb5ae7020e50e0237e9e44b89d73057e7ecda1d

  • SSDEEP

    12288:/Dvhr0NQa4NgJjU8CrwPJwGGrVSb6mCPtN5gzebMmyHi90AabXVpn5FB:/b90NQi48kzGM8bzCPja61yaabXH5T

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

exe.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

Targets

    • Target

      13082024_1636_13082024_OC 20240813.xlam

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
