General

  • Target

    PO-0715.xlsm

  • Size

    92KB

  • Sample

    200719-pta9zktkpa

  • MD5

    d89a828241cd67ebdc96a905e5924f24

  • SHA1

    90ef404e139164b266d553a5e094b01c0e810b4f

  • SHA256

    dd07e4b225894da846f284566118ccc96a2aabca90c24337f36ddcc7066eeef4

  • SHA512

    7b83617ed1b56eb3181ddf2a7bd9b9122eae6844cf881312fb2f8c1dc1cf62d92ac2a48b841235978d4f68ea59417009e85095eaabb97859b5e67989e86df6c5

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

  • URLs

    exe.dropper http://ventos.xyz/hen.exe

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks