General

  • Target

    52af06d8b69b7428ec98ded0ef029397f0974de6a8424d53f0c645a65d9d6667.xlsx

  • Size

    701KB

  • Sample

    240818-l3537s1fjp

  • MD5

    0857a9fd10fecac6b8b5a4c8326bc21f

  • SHA1

    975e8d9502ca8f0a35c9399f8c4e9208a6b2894e

  • SHA256

    52af06d8b69b7428ec98ded0ef029397f0974de6a8424d53f0c645a65d9d6667

  • SHA512

    bcea750ec75bc500b649a124ea33551f4e13c05c075ee97b949d588a86f17b0acd21a4f48cf45a41ebc86d1e606348ec369a57c6bdad595c0241ec42572170ea

  • SSDEEP

    12288:L5kbOpJe9BYI20Dg2nT7gQs8WyMSgMYvx9Shuv5AlBstNa/s/byr0M4:9TeW00STTu3YYv6FBstU/Abyri

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

exe.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

Targets

    • Target

      52af06d8b69b7428ec98ded0ef029397f0974de6a8424d53f0c645a65d9d6667.xlsx

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Drops file in System32 directory
