General

  • Target

    MES 20210112 59171.doc

  • Size

    162KB

  • Sample

    210114-s1j6zl2aen

  • MD5

    c499b2e5eb162db6733c0f92e43ef62d

  • SHA1

    8f4bfae7b3350780bf663704e7d038992628ea35

  • SHA256

    9062af099365a0eea3e468661b9ead34f4cfc42f275fd45660d52a889154e96b

  • SHA512

    ad39aa303dd17b434aebf9b9bc46b7cff0df4a32ff9a77de08896b2d044a19536ebe6086b7b9beaeec0419ff9f5765dc4283ef2ef701929e16588ec168378d2a

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

Targets

    • Target

      MES 20210112 59171.doc

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic            Technique                      Count   ID
    Defense Evasion   Modify Registry                1       T1112
    Discovery         Query Registry                 2       T1012
    Discovery         System Information Discovery   2       T1082