1843eb89b27741ab35c0b278a42b1698414bc512b4ccbbdb32d5f9d71e28424a | Triage

Submit
Reports

Overview

overview

Static

static

1

7f676793d8...3.xlam

windows7-x64

7f676793d8...3.xlam

windows10-2004-x64

1

Sharing

General

Target

156a8325da6a12b655e2c56c0ac7f7e5.bin
Size

729KB
Sample

240819-bc823avfnh
MD5

38d56f119b007085c738277e7d119116
SHA1

8024044190824cabda436ec7ea9dc90673dd8770
SHA256

1843eb89b27741ab35c0b278a42b1698414bc512b4ccbbdb32d5f9d71e28424a
SHA512

435e62a7740231c74c9099677deb5d68eb00bb68cd4daffe74955b6b645e482c846fc9f507ec5ee6761f07ef86be9abc76bc33c7149e6a3f6d22d24081aadb20
SSDEEP

12288:KkyEvlYyaGB705hq97jNC0nfZ+pupaCogfOvr5XtAJeF542IgmvRu179llxdgLbR:39YISC4GX8Vr+eF54UmJe73XdrKp/

Score

10^/10

discovery execution

Static task

static1

Behavioral task

behavioral1

Sample

7f676793d8d7c9646d434f5ad2d97790a0beb2c8c4adf19b5a7f1c75edd8f983.xlam

Resource

win7-20240705-en

discovery execution

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

7f676793d8d7c9646d434f5ad2d97790a0beb2c8c4adf19b5a7f1c75edd8f983.xlam

Resource

win10v2004-20240802-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

exe.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

Targets

- Target
  
  7f676793d8d7c9646d434f5ad2d97790a0beb2c8c4adf19b5a7f1c75edd8f983.xlsx
- Size
  
  730KB
- MD5
  
  156a8325da6a12b655e2c56c0ac7f7e5
- SHA1
  
  844d20d5d99b3aa8623fe30980047ca7efbccbcb
- SHA256
  
  7f676793d8d7c9646d434f5ad2d97790a0beb2c8c4adf19b5a7f1c75edd8f983
- SHA512
  
  594699fdb8dad0472ebb32558c4d66a10788809b49e40c1756f9f34628d2dcbbbaa7f4fb4ca5e2b46825adfd1ff75fc004947f03c5d5d1661f6aed75c40cb8b4
- SSDEEP
  
  12288:HpU+OVpm7Cja3ZIjgyHOW67lJ1JcLYXqwIDOYV5RnrOdxE38j:JU+bELgyHU1JyYa7R5lKw38j
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

© 2018-2025

Terms | Privacy