General

  • Target

    Besked_8207219.doc

  • Size

    159KB

  • Sample

    210114-5ls1ngrbkx

  • MD5

    12fda68c1061e26283ce696fe184f3a7

  • SHA1

    d63fd96d911eee173c8a7d61f0caec74dccf73fe

  • SHA256

    a173e1368bd84bab43c9ee0bf4f6353acd9b1742ab20f3a3c8bd38ee1dd0c6be

  • SHA512

    4d2fb1525f4c7ff759d301864513630f1efd0e0fc594780cbc61631cc1cac75e4bcfda117f8f66dbb4a32939e005ba01d258979a18f6f9d4c6496ca67e3ebc32

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://fynart.com/wp-admin/aNuMy/
    http://dermedicoclinic.com/js/NElI8ZC/
    http://geolifesciences.com/font/r/
    http://rollinghood.com/how-to-ifwed/buj6VQx/
    http://jardindhelena.com/wp-content/u20/
    http://kingshowworldshoppingmall.com/cgi-bin/Ga/
    http://davinciworldshoppingmall.com/cgi-bin/Eh/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112) - 1

  • Discovery

    Query Registry (T1012) - 2

    System Information Discovery (T1082) - 2