General

  • Target

    estimate V343822 13-01.zip

  • Size

    42KB

  • Sample

    210113-wfrz54rwen

  • MD5

    1e6ad82659c655affc23f59b9e5f7028

  • SHA1

    3bc3f06c6238a9459c891ce7ffca4ad56e476ad6

  • SHA256

    bd894f5bdae9ffa1df813017bb2d51069db1f49f98ba5a7218f8e46fffb809d9

  • SHA512

    293661748a24d8de61efe5eea1eb6ab62c2020b7cd7e1f22055cbd118f42caec07b7e9fe02a0c10f274765be96aa419fcdd5d46a7aec80234821a92b85f590f6

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (type: exe.dropper)

Targets

    • Target

      V343822.doc

    • Size

      86KB

    • MD5

      e0983f7a4c35fd6056be9cdf40bf27e8

    • SHA1

      b97825db147014805b7aa55f1e8f670cdc5d9f33

    • SHA256

      79ce7baebe9784a507b210c9959e8c1d20f80dd499cfb8077501fbc4c1b9489f

    • SHA512

      126074dfeab725ad8df6627f8ba63511620301faa98475d1ac80ce7ff6086971df435ff97a4b50661aec86b927a3f0a511f77eecbb21a8f0fa3a806627f75748

    Score: 10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry, T1112 (1)
  • Discovery: Query Registry, T1012 (2)
  • Discovery: System Information Discovery, T1082 (2)

Tasks