1c807706a1bd874277a2b7bfc50f01e51340b2b55dd1894bf088e6780d8d3742 | Triage

Submit
Reports

Overview

overview

Static

static

1

1c807706a1...2.xlam

windows7-x64

1c807706a1...2.xlam

windows10-2004-x64

1

Sharing

General

Target

1c807706a1bd874277a2b7bfc50f01e51340b2b55dd1894bf088e6780d8d3742
Size

660KB
Sample

241026-br59qavmdp
MD5

9ab69e2024586e6b15194817176d81d1
SHA1

0ba9313a2b0d8f81226ea9f3dfc6bdb3d5a656e5
SHA256

1c807706a1bd874277a2b7bfc50f01e51340b2b55dd1894bf088e6780d8d3742
SHA512

1fb869351739101f6a7735d59bee00c3c5bb2210bbeee0210d578aea5c82ddc41f902685ed61a750a8b410b8e9cccd4feb2f836a86db562df6f35360d62c4fa8
SSDEEP

12288:nV+Gk+kB3ffiXmIOZ0ACqwuoCAiN1sQb8/+TBXC6tj2qoJkCE:VC+kBvfgOZ0ACioCAiNdbS+djZLoOCE

Score

10^/10

discovery execution

Static task

static1

Behavioral task

behavioral1

Sample

1c807706a1bd874277a2b7bfc50f01e51340b2b55dd1894bf088e6780d8d3742.xlam

Resource

win7-20240903-en

discovery execution

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

1c807706a1bd874277a2b7bfc50f01e51340b2b55dd1894bf088e6780d8d3742.xlam

Resource

win10v2004-20241007-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

exe.dropper

https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

Targets

- Target
  
  1c807706a1bd874277a2b7bfc50f01e51340b2b55dd1894bf088e6780d8d3742
- Size
  
  660KB
- MD5
  
  9ab69e2024586e6b15194817176d81d1
- SHA1
  
  0ba9313a2b0d8f81226ea9f3dfc6bdb3d5a656e5
- SHA256
  
  1c807706a1bd874277a2b7bfc50f01e51340b2b55dd1894bf088e6780d8d3742
- SHA512
  
  1fb869351739101f6a7735d59bee00c3c5bb2210bbeee0210d578aea5c82ddc41f902685ed61a750a8b410b8e9cccd4feb2f836a86db562df6f35360d62c4fa8
- SSDEEP
  
  12288:nV+Gk+kB3ffiXmIOZ0ACqwuoCAiN1sQb8/+TBXC6tj2qoJkCE:VC+kBvfgOZ0ACioCAiNdbS+djZLoOCE
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

© 2018-2025

Terms | Privacy