General

  • Target

    4b42cea522e48b27e21a52991f010848e0a5c6e0e42255b7a5323afb81b03dd7

  • Size

    28KB

  • Sample

    240920-xgj5dssapd

  • MD5

    14399d9b212ebf920943652ba1e7f5e3

  • SHA1

    2411de8a3f816645015e912bd92e5369c6e5b0c9

  • SHA256

    4b42cea522e48b27e21a52991f010848e0a5c6e0e42255b7a5323afb81b03dd7

  • SHA512

    72f667df460361c44e51558fc09b035569bc570567ac732c25c5996f3e844170acf2d42439964993aeae04c41b7218226c5e989a7b9d78eacaf11b4a8b3f0c7b

  • SSDEEP

    384:i8LD/TZxA6ymevz2NsdHLpeAokr25Uen/WWA/E:rD/N+6devz2NsdHLQkr25U6We

Malware Config

  • Extracted

    Language: ps1

    Deobfuscated

    URLs (ps1.dropper): https://oshi.at/LdxX

Targets

    • Blocklisted process makes network request

    • Office macro that triggers on suspicious action

      Office document macro which triggers in special circumstances - often malicious.

    • Deletes itself

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Enterprise v15

Tasks