General

  • Target

    arc-5972858.doc

  • Size

    163KB

  • Sample

    210114-mw9schrsha

  • MD5

    4f25df316e6f6e194548ffec9783373b

  • SHA1

    71dda4dde08c6fa01f96f387f97ca2431bb8492f

  • SHA256

    7a1ee8011d7a9b903f8cc4443bdc4dd5d82b251975d2a28e1ed3fa8590deffef

  • SHA512

    30c87d2d753268ab91a11fcb91cfd4d45ce31d7d8fbc148a635f604ac9ae30879435669428bc8159b07ee0c1bde445c57030420bb4473c4fe354cb90717b1286

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (all of type exe.dropper)

    http://www.mitraship.com/wp-content/ZKeB/
    http://djsrecord.com/wp-includes/abop/
    https://lastfrontierstrekking.com/new/2OaabFU/
    https://watchnshirt.com/y/L7z9YcA/
    https://www.impipower.com/wp-content/U/
    https://www.inkayniperutours.com/druver/LtcG/
    https://vysimopoulos.com/d/NF/

Targets

    • Target

      arc-5972858.doc

    • Size

      163KB

    • MD5

      4f25df316e6f6e194548ffec9783373b

    • SHA1

      71dda4dde08c6fa01f96f387f97ca2431bb8492f

    • SHA256

      7a1ee8011d7a9b903f8cc4443bdc4dd5d82b251975d2a28e1ed3fa8590deffef

    • SHA512

      30c87d2d753268ab91a11fcb91cfd4d45ce31d7d8fbc148a635f604ac9ae30879435669428bc8159b07ee0c1bde445c57030420bb4473c4fe354cb90717b1286

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks