General

  • Target: DOC_1301_U_92121711.zip
  • Size: 85KB
  • Sample: 210113-x87zk8283x
  • MD5: b0d70ee90798934b459a8fb574ea8a9f
  • SHA1: 57b2fece3bf41c20a1e3fb944b0398299645c987
  • SHA256: eda35c0ea618a57ad379515f8d2c25b8a52a88ccb372ec7defba3c0eb3259876
  • SHA512: 0fa25e8e5006b9dd418ad9214d0907574568c4a31bc2bc766ff1ca82e2c11d7c94519e5b7823edcf06bfdb72032cd63ed16e516bf9e782f207be36835d95f26f

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs: exe.dropper

Targets

    • Target: DOC_1301_U_92121711.doc
    • Size: 158KB
    • MD5: 7f013028b389d513b3ecdb0314a8e565
    • SHA1: 6ab79010a6d9ceef32f6c7429a20fab9c2b3e161
    • SHA256: 1186bddeaa3cf409c79c698387ea235caec1d0f737790405f6cc12f64b90b5e5
    • SHA512: 38ca252877b342847d90fa20962ac9097038699b46645474eef57a31c12ac873ba56f64fe39cf576315442e8e232877d519e1be3d857daa679a7798ac2a96680

    Score: 10/10

    Signatures
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic           Technique                      ID     #
    Defense Evasion  Modify Registry                T1112  1
    Discovery        Query Registry                 T1012  2
    Discovery        System Information Discovery   T1082  2

Tasks