General

  • Target

    Inf-20210113-RRQ4296.zip

  • Size

    85KB

  • Sample

    210112-zp8f9evxes

  • MD5

    7c6cafb0561475dcc631b3b693aed4b1

  • SHA1

    dc84d651bd8346316d7b4f54a928b4cb73689f83

  • SHA256

    686bb0faa8e805bb193c3063c7fb3993551c8e81ee47af536bcbd3ea0afa70d6

  • SHA512

    86efc2da8351c2dfdbeab8404dada366195eff856d2948b66b0c1224a34932d28d3239ebd4a9846233aa85872f45cca56d19e5af48707a0a31345057cb28ec6c

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (all of type exe.dropper)

    http://baselinealameda.com/j/uoB/
    http://abdindash.xyz/b/Yonhx/
    https://cavallarigutters.com/samsung-chromebook-etswp/Wdeiub/
    https://craku.tech/h/iXbreOs/
    https://nicoblogroms.com/c/V9w0b5/
    https://www.taradhuay.com/d/oT5uG/
    https://altcomconstruction.com/wp-includes/or7/

Targets

    • Target

      Inf-20210113-RRQ4296.doc

    • Size

      156KB

    • MD5

      3a5678052145f087c13cb48c90c42a9f

    • SHA1

      7b48570b487963b774951124aca732d096409cae

    • SHA256

      e5f4c0869a8a4f10e85cf0ee7799f053402929df853f25d2215271061395fc3a

    • SHA512

      bcd441a7a736fd1b22d731672f2ddefdf36dadcc3b3961a2e3b19e4bc3813837d8591ae0e5480c736db151f489c745de7d33c6ae75636d4f380a1cc885c29b5e

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2

Tasks