a3ad446626bebe8f644aecc09a0d37995db5519c579d3930ac045a5a45c05692 | Triage

Submit
Reports

Overview

overview

Static

static

1

a3ad446626...92.xls

windows7-x64

a3ad446626...92.xls

windows10-2004-x64

1

Sharing

General

Target

a3ad446626bebe8f644aecc09a0d37995db5519c579d3930ac045a5a45c05692.xls
Size

165KB
Sample

240818-bs7h6sxfnb
MD5

2fee83fc2c5af9605530ce72a97a9c7b
SHA1

dfeed802de1f062c3a3fdd36a529d86772db6005
SHA256

a3ad446626bebe8f644aecc09a0d37995db5519c579d3930ac045a5a45c05692
SHA512

2614fafe15ad2198fd3bb524d26b959b7c8de3becdf547dddaf2879d72e7c412beea2723b9882e6bf511d265483e14316596ef943133a59f47c97fa84424cd4a
SSDEEP

3072:jUYpmZjeGXnuqKfMMVG+MhD1e5pzYJIjB0ssuyg6kB3f8:AY0Tif7G+MhE30Ojp0grBv8

Score

10^/10

discovery execution

Static task

static1

Behavioral task

behavioral1

Sample

a3ad446626bebe8f644aecc09a0d37995db5519c579d3930ac045a5a45c05692.xls

Resource

win7-20240704-en

discovery execution

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

a3ad446626bebe8f644aecc09a0d37995db5519c579d3930ac045a5a45c05692.xls

Resource

win10v2004-20240802-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

exe.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

Targets

- Target
  
  a3ad446626bebe8f644aecc09a0d37995db5519c579d3930ac045a5a45c05692.xls
- Size
  
  165KB
- MD5
  
  2fee83fc2c5af9605530ce72a97a9c7b
- SHA1
  
  dfeed802de1f062c3a3fdd36a529d86772db6005
- SHA256
  
  a3ad446626bebe8f644aecc09a0d37995db5519c579d3930ac045a5a45c05692
- SHA512
  
  2614fafe15ad2198fd3bb524d26b959b7c8de3becdf547dddaf2879d72e7c412beea2723b9882e6bf511d265483e14316596ef943133a59f47c97fa84424cd4a
- SSDEEP
  
  3072:jUYpmZjeGXnuqKfMMVG+MhD1e5pzYJIjB0ssuyg6kB3f8:AY0Tif7G+MhE30Ojp0grBv8
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Abuses OpenXML format to download file from external location
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

© 2018-2025

Terms | Privacy