General

  • Target

    ea2825c1e42104e2336a386841870d14cd1a12de914a78b09a693a82af53e311.doc

  • Size

    153KB

  • Sample

    200127-nvz5nj7416

  • MD5

    948160ffbd062e441509512d571e8785

  • SHA1

    3f4e0704854fa09a20533b2b3d7fda368ebaf734

  • SHA256

    ea2825c1e42104e2336a386841870d14cd1a12de914a78b09a693a82af53e311

  • SHA512

    4d63d9a307b4eeb2314e867ff2c7731330086fbaa11acb6db4a51b568a0da22dd53e533de05529fff7b8879a3d2320450013b80bd2f3465e161b92a8979de455

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

https://fietsenmetkinderen.info/App_Data/ASHFouI/

exe.dropper

https://rokonworld.xyz/cgi-bin/bf99ypv-nka70qs-62/

exe.dropper

http://www.meubelontwerpstudioheyne.nl/languages/ndZNarqnj/

exe.dropper

http://bursary.engsoc.queensu.ca/wp-admin/48ech-ddpjkzp-29821620/

exe.dropper

http://lapmangfpt.haiphong.vn/wp-admin/k50i2cm5qi-9wnfau-7879373385/

Targets

    • Target

      ea2825c1e42104e2336a386841870d14cd1a12de914a78b09a693a82af53e311.doc

    Score
    10/10
    • Process spawned unexpected child process

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry, T1012 (2)

  • System Information Discovery, T1082 (2)

Tasks