Overview

overview

10

Static

static

8

Account_30...20.doc

windows7_x64

10

Account_30...20.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Account_30_12_2020.doc

  • Size

    156KB

  • Sample

    210113-h9w7qh2yja

  • MD5

    97213d62042927ecab4a2608b38a37af

  • SHA1

    d4c68b37c5729d94699e00e8fc1edf97a18ba599

  • SHA256

    9d1c6b80623e5e370ed018b95870675936022c4a9bf0ddc1378db520b304309e

  • SHA512

    4e89d7541e38a797c279f8e271adb06ba54a2764d29a8b4e33b93bb79bee74f1affa147ac3dfd9cd4e6330290dda64cac1b99a7f7fd4b3bc0e5c14cc4d6196f6

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://www.mypostletter.com/wp-admin/G3/
exe.dropper

http://www.trueapparels.com/a/4k/
exe.dropper

http://iut-bethune.univ-artois.fr/benefits-of-hhnzoet/T/
exe.dropper

http://www.xportfreight.com/wp-content/c/
exe.dropper

http://talentvalue.com/wp-admin/DEoUM/
exe.dropper

https://skyeconsultoria.com.br/wp-admin/co/
exe.dropper

https://atprofessional.org/wp-content/O6Vey/

Targets

    • Target

      Account_30_12_2020.doc

    • Size

      156KB

    • MD5

      97213d62042927ecab4a2608b38a37af

    • SHA1

      d4c68b37c5729d94699e00e8fc1edf97a18ba599

    • SHA256

      9d1c6b80623e5e370ed018b95870675936022c4a9bf0ddc1378db520b304309e

    • SHA512

      4e89d7541e38a797c279f8e271adb06ba54a2764d29a8b4e33b93bb79bee74f1affa147ac3dfd9cd4e6330290dda64cac1b99a7f7fd4b3bc0e5c14cc4d6196f6

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks