General

  • Target

    E1-20210112_1959

  • Size

    157KB

  • Sample

    210112-c1kz5eclpn

  • MD5

    512c3b7b2e569cec221339670f9444c6

  • SHA1

    413a3f2403985880e8ad0e4d3880c00eeea93c36

  • SHA256

    32e85191ad3dfdbc3981cb5cdb0bb35c19721be3604702e8fff800b91b55f854

  • SHA512

    e7452bd68bf8c5eeaf58a8f16468ea84bcc0047351dea9525549faffa13112dff97f345296456af544f892f8c3c3a2e753e16830fb6c9d02e83d3241d7500c3c

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: http://baselinealameda.com/j/uoB/

    exe.dropper: http://abdindash.xyz/b/Yonhx/

    exe.dropper: https://cavallarigutters.com/samsung-chromebook-etswp/Wdeiub/

    exe.dropper: https://craku.tech/h/iXbreOs/

    exe.dropper: https://nicoblogroms.com/c/V9w0b5/

    exe.dropper: https://www.taradhuay.com/d/oT5uG/

    exe.dropper: https://altcomconstruction.com/wp-includes/or7/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks