b9c87683d4000e24d419ebe199d2c55dbb9757d5cc8f4e6d9a0295e963cbb07c | Triage

Submit
Reports

Overview

overview

Static

static

8

3fce454b_b...is.doc

windows7_x64

3fce454b_b...is.doc

windows10_x64

Sharing

General

Target

3fce454b_by_Libranalysis
Size

43KB
Sample

210511-m3w14wgcye
MD5

3fce454b5a5ba7d73cc2b2560f69a48a
SHA1

b9321f7d1bbb1e020b03b676bd23d53e9ff6c17e
SHA256

b9c87683d4000e24d419ebe199d2c55dbb9757d5cc8f4e6d9a0295e963cbb07c
SHA512

fc35cb2957f15a3cdadf282c1b6d0f876dd710061d7c645618b83a394171723d24ddfecc64d721cb2cb1745e44a283dcc7278d6da9f3a67465e2cb8e760eb943

Score

10^/10

macro

Static task

static1

Behavioral task

behavioral1

Sample

3fce454b_by_Libranalysis.doc

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3fce454b_by_Libranalysis.doc

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://atlantastunttruckdrivers.com/Denight.exe

Targets

- Target
  
  3fce454b_by_Libranalysis
- Size
  
  43KB
- MD5
  
  3fce454b5a5ba7d73cc2b2560f69a48a
- SHA1
  
  b9321f7d1bbb1e020b03b676bd23d53e9ff6c17e
- SHA256
  
  b9c87683d4000e24d419ebe199d2c55dbb9757d5cc8f4e6d9a0295e963cbb07c
- SHA512
  
  fc35cb2957f15a3cdadf282c1b6d0f876dd710061d7c645618b83a394171723d24ddfecc64d721cb2cb1745e44a283dcc7278d6da9f3a67465e2cb8e760eb943
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy