Overview

overview

10

Static

static

8

Archivo 20...52.doc

windows7_x64

10

Archivo 20...52.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Archivo 2020-R7352.doc

  • Size

    159KB

  • Sample

    210113-3xwm3y48rx

  • MD5

    b1c051ba9d0d7843ab2d42babb2b92d1

  • SHA1

    90cb16b7cacb0536a6ca8fdea2da8cdb6be86ff1

  • SHA256

    2e5599c71028de6a5c1202946484ff5020f38bb282b78e69aade9c840c3e2f24

  • SHA512

    e9d304415157b1760c55e8784621396482908668905eebaf389959693725ba61397064f5fc21b31d8eb1cbbab64d88efa6232cba743f34d90dd1c7dd71ba7b4b

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://familylifetruth.com/cgi-bin/PPq7/
exe.dropper

https://coshou.com/wp-admin/EM/
exe.dropper

https://www.todoensaludips.com/wp-includes/9/
exe.dropper

https://dieuhoaxanh.vn/wp-admin/a/
exe.dropper

http://cahyaproperty.bbtbatam.com/mhD/
exe.dropper

http://depannage-vehicule-maroc.com/wp-admin/c/
exe.dropper

https://techworldo.com/cgi-bin/gcZ/

Targets

    • Target

      Archivo 2020-R7352.doc

    • Size

      159KB

    • MD5

      b1c051ba9d0d7843ab2d42babb2b92d1

    • SHA1

      90cb16b7cacb0536a6ca8fdea2da8cdb6be86ff1

    • SHA256

      2e5599c71028de6a5c1202946484ff5020f38bb282b78e69aade9c840c3e2f24

    • SHA512

      e9d304415157b1760c55e8784621396482908668905eebaf389959693725ba61397064f5fc21b31d8eb1cbbab64d88efa6232cba743f34d90dd1c7dd71ba7b4b

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks