General

  • Target: E3-20210112_2343
  • Size: 157KB
  • Sample: 210113-jlw3a21b12
  • MD5: df66ce237d60ca77253674acb51f9420
  • SHA1: 38e3feb8cf7b573eaaac69213809ea8300199ed8
  • SHA256: d165beb4c7b032b989d7681e8d08557ed1f8c937a874fc43701aa61efa9e1992
  • SHA512: f1a337cdc4c73d16176d9c6c6389c2dd78b14e680e028b2199d629938bb826df4182e54a5be72fe05d4f4ae9630cbbe6ff8c9e9590ed1a168344e6e7e3743e3b

Score: 10/10

Malware Config

Extracted

Language: ps1

Deobfuscated URLs (all tagged exe.dropper):

  • http://adsavy.com/files/pJ/
  • http://bestpopping.com/electric-auger-n0ao3/Emwmeyje76/
  • http://replanliving.co.uk/wp-content/microsoft/
  • https://rashmimaheshwari.com/content/SIGNUP/
  • https://www.infoquick.co.uk/myfriends/Help/
  • http://calledtochange.org/CalledtoChange/Systems/

Targets

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks