General

  • Target

    b4ed6ae807e9c5313c88e133b8a81dbaf352805be8ac9f57ef153fc035e369b0.xls

  • Size

    331KB

  • Sample

    240822-mr1vsasdme

  • MD5

    1cee6c41b5cfe137b0dce62ff3e6aea7

  • SHA1

    07db9f1709641adb3d516acbb90302228a1c0f6b

  • SHA256

    b4ed6ae807e9c5313c88e133b8a81dbaf352805be8ac9f57ef153fc035e369b0

  • SHA512

    b67790960e6fba6b2124da10e7dcb389144cae23060cb5564c84aa7385a5092693b862dcc518d56003cfab91ea7830a4a72b80198e582e0b71fef32249ea7b10

  • SSDEEP

    6144:Kt+kIDakXvs6RlA1Z7Nj70+F72RelqjLdl8fAB3UCxyK:E+kIDak/sH75gEEelsLdNBNyK

Score
10/10

Malware Config

Extracted

Language: ps1
Deobfuscated
URLs
ps1.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

exe.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

Targets

    • Target

      b4ed6ae807e9c5313c88e133b8a81dbaf352805be8ac9f57ef153fc035e369b0.xls

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Abuses OpenXML format to download file from external location

    • Drops file in System32 directory
