General

  • Target

    e9101d348f50f967bb46bf2d2021dc4374ac30eeed17cecaf65382647fdc865c

  • Size

    152KB

  • Sample

    220201-dk6m1sfgbl

  • MD5

    7966ac088ceb397fc6e7a713cc213b0d

  • SHA1

    7e95fd3b246b3f889a70a409823407563427592f

  • SHA256

    e9101d348f50f967bb46bf2d2021dc4374ac30eeed17cecaf65382647fdc865c

  • SHA512

    0d38ffcee92abe0082e87cd30fec81b2a608b18571c8f28eda79afd770987b5e5d2ced42921e98839fc891c94546a744f88fd5b628fb28464fea13a531977e3c

Score: 10/10

Malware Config

Extracted

Language: ps1

Deobfuscated URLs (type: exe.dropper)

  • http://wsme.net/cgi-bin/xH/

  • http://justart.ma/wp-content/uploads/2019/01/Ti/

  • http://majorpart.co.th/wp/qI/

  • http://estudioalabi.com.ar/wp-admin/NvvP/

  • http://marketinsight.hu/wp-includes/ly/

Targets

    • Target

      e9101d348f50f967bb46bf2d2021dc4374ac30eeed17cecaf65382647fdc865c

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
