Overview

overview

10

Static

static

8

Attachments_276.doc

windows7_x64

10

Attachments_276.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Attachments_276.doc

  • Size

    162KB

  • Sample

    210114-lmfx4gh2w2

  • MD5

    1e36711be581dee9f77ef2243b2a6048

  • SHA1

    d446161ee0af2b40768c72ad7b9159a9e81d655a

  • SHA256

    a8b8fb73b3d7ae7a1780ae143dbfb66471afacb86c69e3270e026e8f11281918

  • SHA512

    363b2265fed1b89396e8fa9c928fa3b754b3fe2afde0aadd1ffe4005524ea25bb39c6e4ea516c2b13cae8587d0eea4572f020d4344ab73f72536e66bb5f20c25

Score
10/10
macroxlm

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://www.mitraship.com/wp-content/ZKeB/
exe.dropper

http://djsrecord.com/wp-includes/abop/
exe.dropper

https://lastfrontierstrekking.com/new/2OaabFU/
exe.dropper

https://watchnshirt.com/y/L7z9YcA/
exe.dropper

https://www.impipower.com/wp-content/U/
exe.dropper

https://www.inkayniperutours.com/druver/LtcG/
exe.dropper

https://vysimopoulos.com/d/NF/

Targets

    • Target

      Attachments_276.doc

    • Size

      162KB

    • MD5

      1e36711be581dee9f77ef2243b2a6048

    • SHA1

      d446161ee0af2b40768c72ad7b9159a9e81d655a

    • SHA256

      a8b8fb73b3d7ae7a1780ae143dbfb66471afacb86c69e3270e026e8f11281918

    • SHA512

      363b2265fed1b89396e8fa9c928fa3b754b3fe2afde0aadd1ffe4005524ea25bb39c6e4ea516c2b13cae8587d0eea4572f020d4344ab73f72536e66bb5f20c25

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks