General

  • Target

    d4bb6fcd2077fab4abe6012089f2bffbee52b0cc5b69ccc2b5e250672bee25be.xls

  • Size

    1.1MB

  • Sample

    241121-kjv88azqfs

  • MD5

    2eb01e0a87e7c2c842bce6d75f34e083

  • SHA1

    df9ae618023a951ebacb254ec51ac1306c87cc73

  • SHA256

    d4bb6fcd2077fab4abe6012089f2bffbee52b0cc5b69ccc2b5e250672bee25be

  • SHA512

    3a3f9649ef09b2b01dbabd2ca1c3291272590bb7ef56899eee58e058242ccb5b498e2e30cf302abc97cc2f6ec1dfe930d15d29a8ed2444108e204519d966735d

  • SSDEEP

    24576:/uq9PLiijE2Z5Z2amC/gY/tMJE8F84LJQohy5bLFqQEbG1jcu:/uEPLiij7Z5ZK0g8tMpFjLJQohy5VqLQ

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Evasion via Device Credential Deployment

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks