General

  • Target

    KSACURFQAAB01.xla.xlsx

  • Size

    645KB

  • Sample

    241106-szrjzavnhn

  • MD5

    0f35365b3df2274c5f34bd63be285912

  • SHA1

    52571d67c3f6bb3db33dfb79bf157b181c6e9b6a

  • SHA256

    8cd8de65f269a3096ab4090427fcb0d5f5ae99229f29465bc2bdb2c2ba304635

  • SHA512

    e68276ad9a3cf89f3ce721dce123515efce9a22061ecde74d6662689c34229575dcfa72ff9a606a9148d07877f6b4b74397500d26bf206b56554df0377ba3dac

  • SSDEEP

    12288:ebWNHd0zBVnumU9j/rVDWHlYG7GKanCl3qnklaYr+Uf:Ksd2u3FDWHlpVKXYr3

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: https://drive.google.com/uc?export=download&id=1UyHqwrnXClKBJ3j63Ll1t2StVgGxbSt0

    exe.dropper: https://drive.google.com/uc?export=download&id=1UyHqwrnXClKBJ3j63Ll1t2StVgGxbSt0

Targets

    • Target

      KSACURFQAAB01.xla.xlsx

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Evasion via Device Credential Deployment

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks