Overview

overview

10

Static

static

8

2022-1-28-...69.xls

windows7_x64

10

2022-1-28-...69.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2022-1-28-7eced723576899b75511edb3cda5bb69.bin

  • Size

    46KB

  • Sample

    220128-bvdnwadggm

  • MD5

    7eced723576899b75511edb3cda5bb69

  • SHA1

    c5819e9dd4863a29484f08f31979ff9ee5635d6e

  • SHA256

    b0dd275157f1e44d3a67df073c2504ccf2f9de33ffb66de6ef37d412434d4e5f

  • SHA512

    46120f22d2d203b565affbbf3619d57aa3fa5f62d78f67706677be893f7a9aa209dcb65167b0ba6ddfd8c8da6953f255d75640044968529507d97053388ad257

Score
10/10
macroxlm

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://91.240.118.168/vvv/ppp/fe.html

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://91.240.118.168/vvv/ppp/fe.png

Targets

    • Target

      2022-1-28-7eced723576899b75511edb3cda5bb69.bin

    • Size

      46KB

    • MD5

      7eced723576899b75511edb3cda5bb69

    • SHA1

      c5819e9dd4863a29484f08f31979ff9ee5635d6e

    • SHA256

      b0dd275157f1e44d3a67df073c2504ccf2f9de33ffb66de6ef37d412434d4e5f

    • SHA512

      46120f22d2d203b565affbbf3619d57aa3fa5f62d78f67706677be893f7a9aa209dcb65167b0ba6ddfd8c8da6953f255d75640044968529507d97053388ad257

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks