Malware sandboxing report by Hatching Triage

General

Target

7933d8d9847728baa3c56f3d63a5539deb3a9260f1d7e03df15affdaed3a57b9
Size

160KB
Sample

210630-dvyv2vce26
MD5

0ed5a42c5691a1ab4c27bf8c2aed5210
SHA1

2d43412fc8c55c9a2d7a2c2d3f18c6adc96f867d
SHA256

7933d8d9847728baa3c56f3d63a5539deb3a9260f1d7e03df15affdaed3a57b9
SHA512

16034e9b9931d93b0f245f86fa4efb5aeabd86d9840087a86d1b691262703d6cd2b945fafe1a8044a87e5c7adf14eab0a1a01d4eb0fbbed6a840885276ebfe76

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://khobormalda.com/wp-content/82/

exe.dropper

http://blog.zunapro.com/wp-admin/LEE/

exe.dropper

http://megasolucoesti.com/R9KDq0O8w/Y/

exe.dropper

https://online24h.biz/wp-admin/K/

exe.dropper

https://fepami.com/wp-includes/eaI/

exe.dropper

http://ora-ks.com/system/cache/w/

exe.dropper

http://padamagro.com/wp-admin/Nc/

Targets

- Target
  
  7933d8d9847728baa3c56f3d63a5539deb3a9260f1d7e03df15affdaed3a57b9
- Size
  
  160KB
- MD5
  
  0ed5a42c5691a1ab4c27bf8c2aed5210
- SHA1
  
  2d43412fc8c55c9a2d7a2c2d3f18c6adc96f867d
- SHA256
  
  7933d8d9847728baa3c56f3d63a5539deb3a9260f1d7e03df15affdaed3a57b9
- SHA512
  
  16034e9b9931d93b0f245f86fa4efb5aeabd86d9840087a86d1b691262703d6cd2b945fafe1a8044a87e5c7adf14eab0a1a01d4eb0fbbed6a840885276ebfe76
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

Drops file in System32 directory

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2