2e6137fcf557c34632120de28bb38abf3fa931a005e20b1379f2e8be842ba199

General

Target

Bestand_61792947.doc
Size

160KB
Sample

210114-wml7c9m7rx
MD5

fd662b4224eff8eb8d6c277c97bacbda
SHA1

adf4ec5325803601c09ab31af7840710d581aebb
SHA256

2e6137fcf557c34632120de28bb38abf3fa931a005e20b1379f2e8be842ba199
SHA512

0564cc91be29196c0202d3a59bc2f1d7927270a135b12bbeb49fbfeb090f481333bef69bc79d2b1a08b4f178e75b51ef9b65571383cc57f194fd49397ca80f12

Score

10^/10

macro xlm

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://ketorecipesfit.com/wp-admin/afanv/

exe.dropper

http://mertelofis.com/wp-content/As0/

exe.dropper

http://givingthanksdaily.com/CP/

exe.dropper

http://datawyse.net/0X3QY/

exe.dropper

http://cs.lcxxny.com/wp-includes/E3U8nn/

exe.dropper

http://makiyazhdoma.ru/blocked/tgEeW8M/

exe.dropper

http://trustseal.enamad.ir.redshopfa.com/admit/wJJvvG/

Targets

- Target
  
  Bestand_61792947.doc
- Size
  
  160KB
- MD5
  
  fd662b4224eff8eb8d6c277c97bacbda
- SHA1
  
  adf4ec5325803601c09ab31af7840710d581aebb
- SHA256
  
  2e6137fcf557c34632120de28bb38abf3fa931a005e20b1379f2e8be842ba199
- SHA512
  
  0564cc91be29196c0202d3a59bc2f1d7927270a135b12bbeb49fbfeb090f481333bef69bc79d2b1a08b4f178e75b51ef9b65571383cc57f194fd49397ca80f12
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2