Extracted

• • Target

    wire_receipt.xls

  • Size

    449KB

  • MD5

    83ee185562ee68924b96e955fae0288c

  • SHA1

    2651e918e6ea1aa228cdf0b4d2bcbda43c491c81

  • SHA256

    f30ecca55c1a5c272f1cdf82b8f3dbb18689a689a98fe77d3f50ab249665ab07

  • SHA512

    fbc1c10cf53926f766259c954d8bafa0ba25fb1df6f81fa268c4dd9935c7fb7564fa2c252f62efba8fb6ef014cc162d5cb4793c29d5b2d9e9f8d48b4907fe3bd

  • SSDEEP

    12288:OnEGJFAYHW6b5wUyAeor7r6DFfWaS3i4cdFIZhp/4:zKh5xeC6DF/S3i4cfIZ

  Score

  10^/10

  discoveryexecution

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Abuses OpenXML format to download file from external location

  • Drops file in System32 directory

  behavioral1behavioral2