General

  • Target

    d4571d781718a7871ea17ac8e91e17623319b921de2c9fb3a369f466cfde8683.xls

  • Size

    476KB

  • Sample

    241031-egx25s1kdr

  • MD5

    28795274503d8d74d85408746a7d1def

  • SHA1

    151fb154f9c1eb44528b2b221279e1a242f9c4cc

  • SHA256

    d4571d781718a7871ea17ac8e91e17623319b921de2c9fb3a369f466cfde8683

  • SHA512

    d34d5c24e0fa7fd7f798b072c24a0fe337ddafd5741e6d59ea784e2b431db0c7512221ad7eedaed0143bc9f5ca8b35b1856dae800cfc8666bf29aea6e026cc8d

  • SSDEEP

    12288:WPZLLFNkUxNgdoDKeu0VlFjbd/eAm94L8nn:4L/Vxqdoa0V7d/e0

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper
    https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

    exe.dropper
    https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

Targets

    • Target

      d4571d781718a7871ea17ac8e91e17623319b921de2c9fb3a369f466cfde8683.xls

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Evasion via Device Credential Deployment

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks