General

  • Target: inf-20210113-B43678.zip
  • Size: 85KB
  • Sample: 210113-gz1x2c5aj2
  • MD5: 6056f8a6f57e51d09f1d5b504ee0d96d
  • SHA1: e920e3dae3d99dc5a43491421298e3a91337c44c
  • SHA256: 781966f8dc6ce26c54405d759538b391b59c531e2b03d137328ea6bc9e9b7052
  • SHA512: 2ace9b0d61515d540fc3ebd2d84c244e539f2bd6918c6cb43aad65dd5594a8ae6f88d04562934937c2b274846608b1d5d6654c8e54f60427f021bc734ac078f8

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs:
    • exe.dropper: http://baselinealameda.com/j/uoB/
    • exe.dropper: http://abdindash.xyz/b/Yonhx/
    • exe.dropper: https://cavallarigutters.com/samsung-chromebook-etswp/Wdeiub/
    • exe.dropper: https://craku.tech/h/iXbreOs/
    • exe.dropper: https://nicoblogroms.com/c/V9w0b5/
    • exe.dropper: https://www.taradhuay.com/d/oT5uG/
    • exe.dropper: https://altcomconstruction.com/wp-includes/or7/

Targets

    • Target: inf-20210113-B43678.doc
    • Size: 158KB
    • MD5: 50c334182f04b01fd3b55f0324ae39c9
    • SHA1: a06480bad89cd333d7c48330e89c8dbd758c6f6b
    • SHA256: 79695d1cf1b881a4ba7f850f5d71796605abc71286de3a809002a423032dee59
    • SHA512: bcd2721737de9d83d540f0f8119a56fcc273bc550d221a0748d7378b8c6d8d5241bb064ca93c6e2880da61f5aac5786f5b7be86f1d177acafdef5fc5c5bb9baf

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks