General

  • Target

    Lijst-312193-51028025.doc

  • Size

    160KB

  • Sample

    210114-38jjafa6tn

  • MD5

    29a4ea6a463ddf82de1e03bb924e7d6b

  • SHA1

    a0ac2cd61171e18c65393d81ff7e59cb764cd097

  • SHA256

    e5aa021fb139265c34bdf1a7caab6b2954c71a9a83a8050364c1a95fddd7e0c7

  • SHA512

    b89887ac2511ba4168517a7eff2f35d6f71a680e65fb12422e11d1bc13909f160ba4679a6dc12b4f5215eeaf34487b76e8df5d249b4789a3a86081df6efa8ce3

Score
10/10

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (exe.dropper)

    http://fynart.com/wp-admin/aNuMy/
    http://dermedicoclinic.com/js/NElI8ZC/
    http://geolifesciences.com/font/r/
    http://rollinghood.com/how-to-ifwed/buj6VQx/
    http://jardindhelena.com/wp-content/u20/
    http://kingshowworldshoppingmall.com/cgi-bin/Ga/
    http://davinciworldshoppingmall.com/cgi-bin/Eh/
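The extracted configuration above is only useful once it is turned into something a defender can act on: defanged URLs for a ticket, a host list for DNS/proxy blocking, and a sweep over proxy logs for hits. The following script is an added example and not part of the sandbox report; the URLs and hashes are copied from the report, while the proxy log format and the log lines themselves are constructed for the demonstration. Matching on host plus path prefix (rather than the exact URL) is a deliberate choice explained in the code.

```python
"""Operationalise the dropper URLs and sample hashes from the sandbox report.

Added example, not report content. Indicators are copied from the report;
the proxy log lines and their format are constructed for the demo.
"""
from urllib.parse import urlsplit

# exe.dropper URLs from the "Malware Config" section of the report.
DROPPER_URLS = [
    "http://fynart.com/wp-admin/aNuMy/",
    "http://dermedicoclinic.com/js/NElI8ZC/",
    "http://geolifesciences.com/font/r/",
    "http://rollinghood.com/how-to-ifwed/buj6VQx/",
    "http://jardindhelena.com/wp-content/u20/",
    "http://kingshowworldshoppingmall.com/cgi-bin/Ga/",
    "http://davinciworldshoppingmall.com/cgi-bin/Eh/",
]

# Digests of the sample itself (from the report), for a file-hash sweep.
SAMPLE_HASHES = {
    "md5": "29a4ea6a463ddf82de1e03bb924e7d6b",
    "sha1": "a0ac2cd61171e18c65393d81ff7e59cb764cd097",
    "sha256": "e5aa021fb139265c34bdf1a7caab6b2954c71a9a83a8050364c1a95fddd7e0c7",
}


def defang(url):
    """Render a URL non-clickable for tickets and chat: http -> hxxp, '.' -> '[.]'."""
    scheme, rest = url.split("://", 1)
    return scheme.replace("http", "hxxp") + "://" + rest.replace(".", "[.]")


def host_path(url):
    """Normalise to (lowercase host, path) so scheme, port or case differences cannot hide a hit."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path or "/"


def blocklist_hosts(urls):
    """Distinct hostnames in first-seen order, ready for a DNS sinkhole or proxy deny list."""
    hosts = []
    for host, _ in map(host_path, urls):
        if host not in hosts:
            hosts.append(host)
    return hosts


def is_sample(digest):
    """Case-insensitive digest lookup; returns the matching algorithm name or None."""
    d = digest.strip().lower()
    return next((alg for alg, v in SAMPLE_HASHES.items() if v == d), None)


def sweep_proxy_log(lines, urls=DROPPER_URLS):
    """Return (timestamp, client, requested_url, matched_indicator) for every hit.

    A hit is a request to an indicator host whose path starts with the indicator's
    path: the download stage typically appends a filename or query string that the
    extracted config does not carry, so exact-URL comparison would miss it. A host
    match alone is deliberately NOT a hit, because the indicators are paths on
    otherwise ordinary (likely compromised) sites and the rest of the site may be
    browsed legitimately.
    """
    indicators = [(host_path(u), u) for u in urls]
    hits = []
    for line in lines:
        ts, client, _method, req_url, _status = line.split()
        host, path = host_path(req_url)
        for (ihost, ipath), ioc in indicators:
            if host == ihost and path.startswith(ipath):
                hits.append((ts, client, req_url, ioc))
                break
    return hits


# Constructed proxy log lines (not from the report): "<epoch> <client_ip> <method> <url> <status>".
SAMPLE_PROXY_LOG = [
    "1610630401 10.0.0.15 GET http://fynart.com/wp-admin/aNuMy/ 200",
    "1610630402 10.0.0.15 GET https://fynart.com/wp-admin/aNuMy/payload.exe 200",
    "1610630403 10.0.0.22 GET http://fynart.com/wp-admin/ 404",
    "1610630404 10.0.0.31 GET http://intranet.example/status 200",
    "1610630405 10.0.0.15 GET http://DAVINCIWORLDSHOPPINGMALL.com/cgi-bin/Eh/ 200",
]

if __name__ == "__main__":
    for u in DROPPER_URLS:
        print(defang(u))
    print("block hosts:", blocklist_hosts(DROPPER_URLS))
    for hit in sweep_proxy_log(SAMPLE_PROXY_LOG):
        print("HIT", hit)
```

Of the five constructed log lines, three hit: the exact URL, the https variant with a filename appended, and the upper-cased host; the bare `/wp-admin/` request and the intranet request do not.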

Targets

    • Target

      Lijst-312193-51028025.doc

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory
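The first two signatures above describe a detection a SOC can reproduce from endpoint telemetry: an Office application spawning a script host, and that script host making a network connection. The script below is an added example, not the sandbox's own logic or report content. It runs over constructed Sysmon-style events (event ID 1 process creation, event ID 3 network connection, with Sysmon's field names); the Office and script-host lists are assumptions, not the sandbox's blocklist, which the report does not publish. It goes one step beyond the report's wording by walking the process ancestry, so a network request from a grandchild of WINWORD.EXE (for example cmd.exe launched by powershell.exe) is still tied back to the document.

```python
"""Detect an Office parent spawning a script host, and any script host in that
process tree making a network connection, over constructed Sysmon-style events.

Added example, not report content. The image lists are assumptions; the events
are constructed for the demo (the destination hosts come from the report's URLs).
"""
import json

# Document-handling parents that have no business launching interpreters (assumed list).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Script hosts / LOLBins commonly launched by a malicious macro (assumed list).
SUSPECT_CHILDREN = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "msiexec.exe",
}


def image_name(path):
    """Lower-cased basename of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def office_ancestor(pid, procs, max_depth=8):
    """Walk the parent chain from pid; return the first Office image found, else None.

    max_depth bounds the walk on a damaged tree. PID reuse is ignored here; a
    production rule should key on Sysmon's ProcessGuid instead of ProcessId.
    """
    for _ in range(max_depth):
        ev = procs.get(pid)
        if ev is None:
            return None
        name = image_name(ev["Image"])
        if name in OFFICE_PARENTS:
            return name
        pid = ev["ParentProcessId"]
    return None


def analyze(lines):
    """Return a list of alert tuples for the events that fire either rule."""
    procs = {}   # ProcessId -> process-create event, for ancestry lookups
    alerts = []
    for line in lines:
        ev = json.loads(line)
        if ev["EventID"] == 1:  # process creation
            procs[ev["ProcessId"]] = ev
            child, parent = image_name(ev["Image"]), image_name(ev["ParentImage"])
            if parent in OFFICE_PARENTS and child in SUSPECT_CHILDREN:
                alerts.append(("office_spawned_script_host", parent, child, ev["CommandLine"]))
        elif ev["EventID"] == 3:  # network connection
            child = image_name(ev["Image"])
            origin = office_ancestor(ev["ProcessId"], procs)
            if child in SUSPECT_CHILDREN and origin:
                alerts.append(("script_host_network", origin, child,
                               ev["DestinationHostname"], ev["DestinationPort"]))
    return alerts


def _ev(**fields):
    return json.dumps(fields)


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"

# Constructed telemetry: explorer -> WINWORD -> powershell -> cmd, plus a benign
# admin PowerShell console started from explorer. Command lines are placeholders.
EVENTS = [
    _ev(EventID=1, ProcessId=1000, ParentProcessId=500, Image=r"C:\Windows\explorer.exe",
        ParentImage=r"C:\Windows\System32\userinit.exe", CommandLine="explorer.exe"),
    _ev(EventID=1, ProcessId=2000, ParentProcessId=1000, Image=WORD,
        ParentImage=r"C:\Windows\explorer.exe",
        CommandLine='WINWORD.EXE /n "Lijst-312193-51028025.doc"'),
    _ev(EventID=1, ProcessId=2100, ParentProcessId=2000, Image=PS, ParentImage=WORD,
        CommandLine="powershell.exe -WindowStyle Hidden -EncodedCommand <constructed placeholder>"),
    _ev(EventID=1, ProcessId=2200, ParentProcessId=2100, Image=r"C:\Windows\System32\cmd.exe",
        ParentImage=PS, CommandLine="cmd.exe /c <constructed placeholder>"),
    _ev(EventID=1, ProcessId=3000, ParentProcessId=1000, Image=PS,
        ParentImage=r"C:\Windows\explorer.exe", CommandLine="powershell.exe"),
    _ev(EventID=3, ProcessId=2100, Image=PS, DestinationHostname="fynart.com", DestinationPort=80),
    _ev(EventID=3, ProcessId=2200, Image=r"C:\Windows\System32\cmd.exe",
        DestinationHostname="dermedicoclinic.com", DestinationPort=80),
    _ev(EventID=3, ProcessId=3000, Image=PS, DestinationHostname="intranet.example", DestinationPort=443),
]

if __name__ == "__main__":
    for alert in analyze(EVENTS):
        print(alert)
```

Three alerts fire: WINWORD.EXE spawning powershell.exe, that PowerShell connecting to fynart.com, and its cmd.exe child connecting to dermedicoclinic.com. The admin console started from explorer.exe connects without alerting, which is why the network rule requires an Office ancestor rather than firing on every PowerShell connection.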

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                      ID      Count
  Defense Evasion   Modify Registry                T1112   1
  Discovery         Query Registry                 T1012   2
  Discovery         System Information Discovery   T1082   2
