General

  • Target

    Services_rates_2020_5827.doc

  • Size

    216KB

  • Sample

    200709-w17f3tkbtj

  • MD5

    0cf66a8acb001dec28b7b435eb99f5dc

  • SHA1

    dedfea0359abf9a86fda23c08e5f104fee2381da

  • SHA256

    c349284b06e9b48111c6c52601acb120e869b3762dda91b19acb9918302c1ff0

  • SHA512

    bd09fd21ef0a3fdad49847f9332b1246f094a4922f010568e6e2d7b634e7484bba4c7084b91c83b363aff4dcf675cc0002c43cf2387f44b5a2cacdf3aeb4d9bf

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper

    http://192.99.255.45/nK4BkocTY7jz.php

Targets

    • Target

      Services_rates_2020_5827.doc

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request
