General

  • Target

    Untitled_2021_01_12_G478621.doc

  • Size

    157KB

  • Sample

    210114-9fdm51tz42

  • MD5

    054ef4f75808a1d23c78a216db816336

  • SHA1

    467dabe728edae96ca6229c8aefd0d20ed175539

  • SHA256

    1cc13f331b8070b5e46b47016ad976bb3033eba3f81d7be30e529eece66829f9

  • SHA512

    79c1ced23104dce5a115786dd36538082a36c41cbf69ecf9ff7f5b8c1169e12eadbe49fd0a06b0110f8390cf2ffef68f70fdfc6a42905a3e63154ab48b0bc36d

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (each tagged exe.dropper)

    exe.dropper  http://baselinealameda.com/j/uoB/
    exe.dropper  http://abdindash.xyz/b/Yonhx/
    exe.dropper  https://cavallarigutters.com/samsung-chromebook-etswp/Wdeiub/
    exe.dropper  https://craku.tech/h/iXbreOs/
    exe.dropper  https://nicoblogroms.com/c/V9w0b5/
    exe.dropper  https://www.taradhuay.com/d/oT5uG/
    exe.dropper  https://altcomconstruction.com/wp-includes/or7/

Targets

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • Loads dropped DLL

  • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2
