General

  • Target

    Payment Report.doc

  • Size

    159KB

  • Sample

    210113-1tvj4xhdm6

  • MD5

    b676b077b904eb38a71b7b91270f94a4

  • SHA1

    2596deafbc115c6cabd757aed3a7e0dd82339dc7

  • SHA256

    7a9bcc373514abad49c519a28a4229cc43b1e255bc0c8f2035ced9a1e973689c

  • SHA512

    c5f4f8c2d2f57599934c04b2f39344a82ef423c938fa8a2cac35d55f356a1ad837982bb285df0e082f1aa461bc1a439de18cbb5d7b5c095fd27b1eb921b230d2

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    https://familylifetruth.com/cgi-bin/PPq7/
    https://coshou.com/wp-admin/EM/
    https://www.todoensaludips.com/wp-includes/9/
    https://dieuhoaxanh.vn/wp-admin/a/
    http://cahyaproperty.bbtbatam.com/mhD/
    http://depannage-vehicule-maroc.com/wp-admin/c/
    https://techworldo.com/cgi-bin/gcZ/

Targets

  • Payment Report.doc (159KB; hashes as listed under General above)

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2
