Malware sandboxing report by Hatching Triage

General

Target

75fc337dd52e7d9cd46cb3a7938551eeefc05a67075a62e6442a0b6501c4fd0a
Size

288KB
Sample

201029-rlwnnmsdx6
MD5

04d224ec52eb178906699f26756254fa
SHA1

b9387fc3417846ce5f567e258644b6b45d7c135e
SHA256

75fc337dd52e7d9cd46cb3a7938551eeefc05a67075a62e6442a0b6501c4fd0a
SHA512

2916a9630eb386bd6694d456c47c8b173289fd866a4787d25b3fd8b7906f5670c14eea5f1b13a283772d28c9159ba1c8bde03c8f97826c0b83b52527a45b4e8d

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://innhanmachn.com/wp-admin/sA/

exe.dropper

http://shomalhouse.com/wp-includes/ID3/IDz/

exe.dropper

http://blog.martyrolnick.com/wp-admin/Spq/

exe.dropper

https://www.frajamomadrid.com/wp-content/g/

exe.dropper

https://pesquisacred.com/vmware-unlocker/daC/

exe.dropper

https://medhempfarm.com/wp-admin/Lb/

exe.dropper

http://ienglishabc.com/cow/2BB/

Targets

- Target
  
  75fc337dd52e7d9cd46cb3a7938551eeefc05a67075a62e6442a0b6501c4fd0a
- Size
  
  288KB
- MD5
  
  04d224ec52eb178906699f26756254fa
- SHA1
  
  b9387fc3417846ce5f567e258644b6b45d7c135e
- SHA256
  
  75fc337dd52e7d9cd46cb3a7938551eeefc05a67075a62e6442a0b6501c4fd0a
- SHA512
  
  2916a9630eb386bd6694d456c47c8b173289fd866a4787d25b3fd8b7906f5670c14eea5f1b13a283772d28c9159ba1c8bde03c8f97826c0b83b52527a45b4e8d
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blacklisted process makes network request
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

macro

Score

8^/10

behavioral1

Score

10^/10

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blacklisted process makes network request

MITRE ATT&CK Matrix

Tasks

static1

behavioral1