General

  • Target: dec.-29-10241-2020.doc
  • Size: 164KB
  • Sample: 210114-fwebsjnxrx
  • MD5: 7c7a1228de4b8b46430ba7556f57ad99
  • SHA1: e5b8599b9c4c858c0a83f32852a63943f57523c9
  • SHA256: d178d1afaa2640706dfb3240c0144e2f2f4ac427f1958223b9521e9581104df6
  • SHA512: 1e8fe72c1ab2c4be24ef1f9ccebc9183f6053e5e13605e92d54635322b23a13afea8e7593cfbbbfe3d41f13468c73946b9e603ba4330446de508c93cedf94b1a

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper):

      http://206.189.146.42/wp-admin/F0xAutoConfig/XR9/
      http://paroissesaintabraham.com/wp-admin/H/
      https://lnfch.com/wp-includes/quC/
      https://nahlasolimandesigns.com/wp-admin/0HHK7/
      http://harmonimedia.com/wp-content/uploads/Zol/
      http://ncap.lbatechnologies.com/media/6iQ/
      https://lainiotisllc.com/postauth/7XhB/

Targets

    • Target: dec.-29-10241-2020.doc

    Score: 10/10

    Signatures

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                      Count   ID
  Defense Evasion    Modify Registry                1       T1112
  Discovery          Query Registry                 2       T1012
  Discovery          System Information Discovery   2       T1082

Tasks