General

  • Target

    8d63eba4ef2da4efb846b76e1165589c6454d62be2cacdb33a25fc2b86da3840.xls

  • Size

    600KB

  • Sample

    240823-cszc8szgqd

  • MD5

    b3a4dad414b683e71cc5a43103cb4f6c

  • SHA1

    2632340f6e7396d35fdb6cca25b17c38d3144076

  • SHA256

    8d63eba4ef2da4efb846b76e1165589c6454d62be2cacdb33a25fc2b86da3840

  • SHA512

    83c538d6c575b1e7e7950986580836a97e783e9cf7e7e50095d85e9d580d201892c73c64a939e3df9301f1e0648f78b6f84f3b11d9ebaf589d4c24a4eaef7401

  • SSDEEP

    12288:YxgMvj3Qtb78ziZCc25R/7A188T2y4eMAOJDNbOmONi2AZOk5Zz7:u8h78zoCc25R/U188T2yU65NAd5

Score
10/10

Malware Config

Extracted

Language: ps1
Deobfuscated

URLs

ps1.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

exe.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

Targets

    • Target

      8d63eba4ef2da4efb846b76e1165589c6454d62be2cacdb33a25fc2b86da3840.xls

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Abuses OpenXML format to download file from external location

    • Drops file in System32 directory
