Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

2761395201.xls
Size

1MB
Sample

200624-aqkxbkknsj
MD5

a17e5c6d0278bc25eb69a5b39a902372
SHA1

34c74a1ee53e94fd1b782af2a21c38af6cca760c
SHA256

3b137cbbd7a33bbed25b28a49a7d05ede977ad0e8cf586873bbafcfe375ec699
SHA512

d5b000c1622d9cfb21adca877e54f01a7fc63fb2ea6d776eb59abd4a457a04371dab914cf8f1d23fe146e08d430e438ab2bb67f91b3bcacf91b28dcd82b493cb

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

http://office-services-sec.com/crimea.ps1

Targets

- Target
  
  2761395201.xls
- Size
  
  1MB
- MD5
  
  a17e5c6d0278bc25eb69a5b39a902372
- SHA1
  
  34c74a1ee53e94fd1b782af2a21c38af6cca760c
- SHA256
  
  3b137cbbd7a33bbed25b28a49a7d05ede977ad0e8cf586873bbafcfe375ec699
- SHA512
  
  d5b000c1622d9cfb21adca877e54f01a7fc63fb2ea6d776eb59abd4a457a04371dab914cf8f1d23fe146e08d430e438ab2bb67f91b3bcacf91b28dcd82b493cb
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blacklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

behavioral2