General

  • Target

    UNTITLED_20210113_042087.zip

  • Size

    85KB

  • Sample

    210113-kfhg3zwq62

  • MD5

    c02bffef8e3cfa38bc08c6908dee924f

  • SHA1

    a56e64363505c3934aff87e80a1a167d3381fe74

  • SHA256

    bc229990e5442e9a7fbf8cea95356a795cd30266e0bff8eab1c03a4b1c28ada5

  • SHA512

    396dfca235f7818f0e6902e0638ecf4fcdee68db746cd4d6c369f2cbe665b5d36ce35d8f62dd327ca552fa8689743125a68891716ac59e1d64a1b2cdf2e7b1fe

Score
10/10

Malware Config

  • Extracted
    Language: ps1
    Deobfuscated: yes
    URLs (exe.dropper, the locations the PowerShell stage tries in turn to fetch the executable payload):
      http://baselinealameda.com/j/uoB/
      http://abdindash.xyz/b/Yonhx/
      https://cavallarigutters.com/samsung-chromebook-etswp/Wdeiub/
      https://craku.tech/h/iXbreOs/
      https://nicoblogroms.com/c/V9w0b5/
      https://www.taradhuay.com/d/oT5uG/
      https://altcomconstruction.com/wp-includes/or7/

Targets

    • Target

      UNTITLED_20210113_042087.doc

    • Size

      156KB

    • MD5

      5139780280d0f70237282c051636f5da

    • SHA1

      2bc56221cae38470dcb519ce993283be4246b6df

    • SHA256

      45e1f8d0848560bf3b1d4630d8a02853bdf6eb8e9346da9baf9c04562281f9ef

    • SHA512

      f123c04f5b7978e04dc7ba46da318f0d3b8d9f2cb623a71a6c18ffb5eebf36bcab29a85f6af0e72453b40849b57d4b2764c952fe4da085b39294cd3365ea56b2

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory
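The two process signatures above describe one chain: the Word process spawns an interpreter it has no business launching, and that child then reaches out to one of the extracted dropper hosts. The following is an added example (not part of the Triage report or its tooling) that scores constructed Sysmon-style process-create and network events for exactly that chain, using the exe.dropper URLs from the extracted config as the IOC set. The event shape, the sample events, and the parent/child process lists are assumptions made for the example.

```python
"""Added example (not part of the Triage report): score constructed
Sysmon-style process and network events for the chain the report flags
on UNTITLED_20210113_042087.doc: an Office parent spawning an unexpected
child process, which then makes a network request. Destination hosts are
compared against the dropper URLs from the report's extracted ps1 config.
Event shape and sample events are constructed for this example."""
from ntpath import basename
from urllib.parse import urlparse

# exe.dropper URLs as listed in the report's extracted config.
DROPPER_URLS = [
    "http://baselinealameda.com/j/uoB/",
    "http://abdindash.xyz/b/Yonhx/",
    "https://cavallarigutters.com/samsung-chromebook-etswp/Wdeiub/",
    "https://craku.tech/h/iXbreOs/",
    "https://nicoblogroms.com/c/V9w0b5/",
    "https://www.taradhuay.com/d/oT5uG/",
    "https://altcomconstruction.com/wp-includes/or7/",
]

# Parents that should not normally launch interpreters or LOLBins (assumed list).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Children a macro-based dropper typically launches (assumed list).
SUSPICIOUS_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}


def dropper_hosts(urls):
    """Hostnames of the dropper URLs, lower-cased for matching."""
    return {urlparse(u).hostname.lower() for u in urls}


def defang(url):
    """Rewrite a URL so it cannot be clicked: scheme hxxp, dots in the host bracketed."""
    p = urlparse(url)
    host = p.hostname.replace(".", "[.]")
    return f"{p.scheme.replace('http', 'hxxp')}://{host}{p.path}"


def detect(events, dropper_urls=DROPPER_URLS):
    """Return a list of (rule, pid, detail) alerts, in event order.

    Rules (approximating the report's signature names):
      unexpected_child       Office parent spawned a suspicious child
      child_network_request  that child then made a network request; the detail
                             notes whether the destination is a known dropper host
      dropper_host_contact   any other process contacted a dropper host
    """
    hosts = dropper_hosts(dropper_urls)
    office_children = {}  # pid -> child image name, for children spawned by Office
    alerts = []
    for ev in events:
        if ev["type"] == "process":
            parent = basename(ev["parent_image"]).lower()
            child = basename(ev["image"]).lower()
            if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
                office_children[ev["pid"]] = child
                alerts.append(("unexpected_child", ev["pid"], f"{parent} -> {child}"))
        elif ev["type"] == "network":
            host = ev["dest_host"].lower()
            known = host in hosts
            if ev["pid"] in office_children:
                tag = "known dropper host" if known else "unlisted host"
                alerts.append(("child_network_request", ev["pid"],
                               f"{office_children[ev['pid']]} -> {host} ({tag})"))
            elif known:
                alerts.append(("dropper_host_contact", ev["pid"], host))
    return alerts


# Constructed events in the shape of Sysmon EID 1 (process create) and EID 3 (network).
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4012,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "process", "pid": 4488,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"type": "network", "pid": 4488, "dest_host": "baselinealameda.com", "dest_port": 80},
    {"type": "network", "pid": 4488, "dest_host": "cavallarigutters.com", "dest_port": 443},
    # PowerShell launched from Explorer: not flagged on its own, but the IOC match still fires.
    {"type": "process", "pid": 5120,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "network", "pid": 5120, "dest_host": "update.example.net", "dest_port": 443},
    {"type": "network", "pid": 5120, "dest_host": "craku.tech", "dest_port": 443},
]

if __name__ == "__main__":
    for u in DROPPER_URLS:
        print("IOC:", defang(u))
    for rule, pid, detail in detect(SAMPLE_EVENTS):
        print(f"{rule:<22} pid={pid} {detail}")
```

The chain is tracked by pid, so a PowerShell started by an administrator from Explorer is not flagged as an unexpected child, while its contact with a listed dropper host still raises the weaker IOC-only alert. Replace SAMPLE_EVENTS with parsed Sysmon events and DROPPER_URLS with the current extracted config to use it against real telemetry.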
