262e7dbbdb91878827837b289db207d9bfb548e9b3f9775e9e16532cc51c4e82 | Triage

Submit
Reports

Overview

overview

Static

static

8

262e7dbbdb...82.xls

windows7-x64

262e7dbbdb...82.xls

windows10-2004-x64

Sharing

General

Target

262e7dbbdb91878827837b289db207d9bfb548e9b3f9775e9e16532cc51c4e82
Size

88KB
Sample

241120-knsc5ayphj
MD5

4a6069ce4a670a2303b469f975d37862
SHA1

cd3a566a0da0566510cfe000444382e3e46d1615
SHA256

262e7dbbdb91878827837b289db207d9bfb548e9b3f9775e9e16532cc51c4e82
SHA512

63531950c098bfb763dc02cdfa7a0b5aa57ea8a320218bc875ec62f5a69a9535b950910d35b11bc191c9b3e613240e9b1625039f1e89af308fc00cc62a2f8743
SSDEEP

1536:Xyehv7q2Pjx45uoDGTj+5xtekEvi8/dgL8EsAeE9jbDXQAYskWvgrPE4nWHPNc2G:Xyehv7q2Pjx45uoDGTj+5xtekEvi8/dh

Score

10^/10

discovery execution macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

262e7dbbdb91878827837b289db207d9bfb548e9b3f9775e9e16532cc51c4e82.xls

Resource

win7-20240903-en

discovery execution

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

262e7dbbdb91878827837b289db207d9bfb548e9b3f9775e9e16532cc51c4e82.xls

Resource

win10v2004-20241007-en

discovery execution

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://wearsweetbomb.com/wp-content/15zZybP1EXttxDK4JH/

exe.dropper

https://1566xueshe.com/wp-includes/z92ZVqHH8/

exe.dropper

http://mymicrogreen.mightcode.com/Fox-C/NWssAbNOJDxhs/

exe.dropper

http://o2omart.co.in/infructuose/m4mgt2MeU/

exe.dropper

http://mtc.joburg.org.za/-/GBGJeFxXWlNbABv2/

exe.dropper

http://www.ama.cu/jpr/VVP/

exe.dropper

http://actividades.laforetlanguages.com/wp-admin/dU8Ds/

exe.dropper

https://dwwmaster.com/wp-content/1sR2HfFxQnkWuu/

exe.dropper

https://edu-media.cn/wp-admin/0JAE/

exe.dropper

https://iacademygroup.cl/office/G42LJPLkl/

exe.dropper

https://znzhou.top/mode/0Qb/

Targets

- Target
  
  262e7dbbdb91878827837b289db207d9bfb548e9b3f9775e9e16532cc51c4e82
- Size
  
  88KB
- MD5
  
  4a6069ce4a670a2303b469f975d37862
- SHA1
  
  cd3a566a0da0566510cfe000444382e3e46d1615
- SHA256
  
  262e7dbbdb91878827837b289db207d9bfb548e9b3f9775e9e16532cc51c4e82
- SHA512
  
  63531950c098bfb763dc02cdfa7a0b5aa57ea8a320218bc875ec62f5a69a9535b950910d35b11bc191c9b3e613240e9b1625039f1e89af308fc00cc62a2f8743
- SSDEEP
  
  1536:Xyehv7q2Pjx45uoDGTj+5xtekEvi8/dgL8EsAeE9jbDXQAYskWvgrPE4nWHPNc2G:Xyehv7q2Pjx45uoDGTj+5xtekEvi8/dh
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

discoveryexecution

behavioral2

discoveryexecution

© 2018-2025

Terms | Privacy