7b2d140ba3e0b4d4314218b60f89e57491385f357a277d8caed2c2d950383739 | Triage

Submit
Reports

Overview

overview

Static

static

1

7b2d140ba3...9.xlam

windows7-x64

7b2d140ba3...9.xlam

windows10-2004-x64

1

Sharing

General

Target

7b2d140ba3e0b4d4314218b60f89e57491385f357a277d8caed2c2d950383739
Size

596KB
Sample

241026-bjhhpaxdmc
MD5

1ae6847360fe3bb54193d6009b0c024c
SHA1

9a1b6a797a07ed45ca653f961837f8cd0a8d181c
SHA256

7b2d140ba3e0b4d4314218b60f89e57491385f357a277d8caed2c2d950383739
SHA512

4c3c081453f6c560c5f9b8cb33a4749cf1d8c25836da4df67034cb8ed3ae1ae82c17b593e483afb461e1ba69ba5bedcc4642b70547ae07660ac5453b440bd548
SSDEEP

12288:2KuRV8lIiUy6at3sbD91hmnF0+3KZ3BhP3CZ8UUqud5yM:pIA6m3sv7hmnFbwh/CZ8tWM

Score

10^/10

discovery execution

Static task

static1

Behavioral task

behavioral1

Sample

7b2d140ba3e0b4d4314218b60f89e57491385f357a277d8caed2c2d950383739.xlam

Resource

win7-20240903-en

discovery execution

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

7b2d140ba3e0b4d4314218b60f89e57491385f357a277d8caed2c2d950383739.xlam

Resource

win10v2004-20241007-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

exe.dropper

https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

Targets

- Target
  
  7b2d140ba3e0b4d4314218b60f89e57491385f357a277d8caed2c2d950383739
- Size
  
  596KB
- MD5
  
  1ae6847360fe3bb54193d6009b0c024c
- SHA1
  
  9a1b6a797a07ed45ca653f961837f8cd0a8d181c
- SHA256
  
  7b2d140ba3e0b4d4314218b60f89e57491385f357a277d8caed2c2d950383739
- SHA512
  
  4c3c081453f6c560c5f9b8cb33a4749cf1d8c25836da4df67034cb8ed3ae1ae82c17b593e483afb461e1ba69ba5bedcc4642b70547ae07660ac5453b440bd548
- SSDEEP
  
  12288:2KuRV8lIiUy6at3sbD91hmnF0+3KZ3BhP3CZ8UUqud5yM:pIA6m3sv7hmnFbwh/CZ8tWM
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

© 2018-2025

Terms | Privacy