General

  • Target

    0e3d989062638b90b15bd109ea8d4001b691c6f3f2399f230ec3270891359e3a.zip

  • Size

    352KB

  • Sample

    250325-g7fa5awj16

  • MD5

    6d5556536a5860eaf4320273d4aa8aac

  • SHA1

    f60e8cdd6fd3628a988fa6ccee57f8761bce28b7

  • SHA256

    0e3d989062638b90b15bd109ea8d4001b691c6f3f2399f230ec3270891359e3a

  • SHA512

    9609488513d13fed41fbbf18458087f689765d29dae2d4ae7afc38244c549d921e5d761310aecdbf994d36ff71aaeb913d85c1c23aa0f0ce0c3d52d1ecf05b21

  • SSDEEP

    6144:9oVXqk8AE1/9xfADFY6tnmVb1Y+E/GJPqWNgJ6U4tpsIztWvkNlfAxS:+syg/bADFYqmQ+E/GxqWNyF4tpTz8MP/

Targets

    • Target

      96bf0039c8086e96b175fc8c5d09bd6ebb70c40a7f3a00293eebe287da4ecc8c.xls

    • Size

      440KB

    • MD5

      06278f61fb1e92e3f197930234fa6eb8

    • SHA1

      34b83031b8bcbfeb820fa65a09f6e480a4f430b0

    • SHA256

      96bf0039c8086e96b175fc8c5d09bd6ebb70c40a7f3a00293eebe287da4ecc8c

    • SHA512

      ffaa4f467e3b1669ad589342cede512cedd727c78ea70fe366c2b42482260db0dd54bce99471fb52c422f7795c3b7361e7ce5b754b6507debbaf1d6625120556

    • SSDEEP

      6144:Qk3hOdsylKlgxopeiBNhZF+E+W2kdAsoCbk1cVVXVKJKYWX36lvpxtZcEfz0/B9D:FhZh3cpFL0/WuYzqD0VlU9Z

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Drops file in System32 directory
