Overview

overview

10

Static

static

1

Scandocs.xls

windows7-x64

10

Scandocs.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Scandocs.xls

  • Size

    646KB

  • Sample

    241105-h7kfhsxarh

  • MD5

    36d0ab08e6d13427c73bb3bcf647974a

  • SHA1

    f5c90bd4bc4245a020090e0716f1df6f47adbc14

  • SHA256

    a11c3b13c7f4a3f7fb760b9740a681ed05b2d071ca021a77e7121b49ab485233

  • SHA512

    2800baa385524cf5a8893a6e134b1dbd179fcbb09e6653b0b661889913b593651dc28ef4004dc89984f61b2403245ae34768cda6918d6d78cd3abdeb14530e2a

  • SSDEEP

    12288:AKVbWNHd0zBREjqtnOdOXIOfYeG7vtjh1pKwf2yatxDnpSIbYOPI15QZ35:Lsd6/tnamfeFjbplfTazzb20Z3

Score
10/10
defense_evasiondiscoveryexecution

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://drive.google.com/uc?export=download&id=1UyHqwrnXClKBJ3j63Ll1t2StVgGxbSt0

exe.dropper

https://drive.google.com/uc?export=download&id=1UyHqwrnXClKBJ3j63Ll1t2StVgGxbSt0

Targets

    • Target

      Scandocs.xls

    • Size

      646KB

    • MD5

      36d0ab08e6d13427c73bb3bcf647974a

    • SHA1

      f5c90bd4bc4245a020090e0716f1df6f47adbc14

    • SHA256

      a11c3b13c7f4a3f7fb760b9740a681ed05b2d071ca021a77e7121b49ab485233

    • SHA512

      2800baa385524cf5a8893a6e134b1dbd179fcbb09e6653b0b661889913b593651dc28ef4004dc89984f61b2403245ae34768cda6918d6d78cd3abdeb14530e2a

    • SSDEEP

      12288:AKVbWNHd0zBREjqtnOdOXIOfYeG7vtjh1pKwf2yatxDnpSIbYOPI15QZ35:Lsd6/tnamfeFjbplfTazzb20Z3

    Score
    10/10
    defense_evasiondiscoveryexecution

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Evasion via Device Credential Deployment

      defense_evasionexecution

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks