General

  • Target: List-1784049.doc
  • Size: 173KB
  • Sample: 210303-w5ydwmvgme
  • MD5: eb443d24f4b23bb2237618939710b264
  • SHA1: d4580dcd975342df4ff019ba06c06334e35b5c04
  • SHA256: 360933d3dc4789e0447d2ac88505be8be991ff6bb94dbf51524d5a368d77a1a4
  • SHA512: a374a1e77a6bbd920efcc3a8ec2700eada52c160bedf147c1ba79f5dce1ce7def33bb842426f483149da8457a9b7d67bf654c05b4bbf8cd3d570df04c1350c35

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper):
    - http://globaliaespacios.com/wp-includes/OXjBq028664/
    - http://lupusalimentos.com.br/assinatura/ooJNJihAvv/
    - https://maniot.com/TN3611948/
    - https://mickreevesmodels.co.uk/micks_chat/bzqL9/
    - http://markantes.com/jason/QuPn889/

Targets

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Drops file in System32 directory
