General

  • Target

    2020-29-12-050760.doc

  • Size

    164KB

  • Sample

    210114-v54dswb2zx

  • MD5

    c7482ff679f132d2033a9b1f0bf3a91a

  • SHA1

    6a2dd07bd331c830c06da8356a2ac665be9df9f6

  • SHA256

    bd280d95e7a6a329e2f9fb97f9217a2d5ee84357ef7a229d862d596958fd00f0

  • SHA512

    9667216b7a3130f95c02ed8a554c20d90b007b45f3aa422a6fb157ad77409e22852817259ea1f6de56cf05ad454c60e848908d4df01316cee3866f22b8116ff2

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://206.189.146.42/wp-admin/F0xAutoConfig/XR9/
    http://paroissesaintabraham.com/wp-admin/H/
    https://lnfch.com/wp-includes/quC/
    https://nahlasolimandesigns.com/wp-admin/0HHK7/
    http://harmonimedia.com/wp-content/uploads/Zol/
    http://ncap.lbatechnologies.com/media/6iQ/
    https://lainiotisllc.com/postauth/7XhB/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry, T1112 (1)

  • Discovery

    Query Registry, T1012 (2)
    System Information Discovery, T1082 (2)