e69742e157bd0b2dc16aec06611d17972f1b733e8caff3f4234057580ac5edde | Triage

Submit
Reports

Overview

overview

Static

static

8

e69742e157...de.doc

windows7_x64

e69742e157...de.doc

windows10-2004_x64

Sharing

General

Target

e69742e157bd0b2dc16aec06611d17972f1b733e8caff3f4234057580ac5edde
Size

248KB
Sample

220201-dpf8xsfgfr
MD5

3be6ed83df84dec0842cab36c8a76ddc
SHA1

3bb3ddb72addde0f5bce63fd23bc40275bb29500
SHA256

e69742e157bd0b2dc16aec06611d17972f1b733e8caff3f4234057580ac5edde
SHA512

3e85029ab32a4bfafe5d0c95022bcfcf23129e3ff01c0013c721f51737fe8c1310748bdcc6f0823ee13ac88d743b6638e046a02019bf8888f7e6d1576b4171e9

Score

10^/10

macro persistence

Static task

static1

Behavioral task

behavioral1

Sample

e69742e157bd0b2dc16aec06611d17972f1b733e8caff3f4234057580ac5edde.doc

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e69742e157bd0b2dc16aec06611d17972f1b733e8caff3f4234057580ac5edde.doc

Resource

win10v2004-en-20220112

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://biederman.net/leslie/lL/

exe.dropper

http://nissanbacgiang.com/wp-content/xR3/

exe.dropper

http://equidaddegenero.iztacala.unam.mx/wp-admin/XPF/

exe.dropper

http://www.zestevents.co/wp-includes/GJAo/

exe.dropper

http://stylishlab.webpixabyte.com/thjowrk5e/9UG/

Targets

- Target
  
  e69742e157bd0b2dc16aec06611d17972f1b733e8caff3f4234057580ac5edde
- Size
  
  248KB
- MD5
  
  3be6ed83df84dec0842cab36c8a76ddc
- SHA1
  
  3bb3ddb72addde0f5bce63fd23bc40275bb29500
- SHA256
  
  e69742e157bd0b2dc16aec06611d17972f1b733e8caff3f4234057580ac5edde
- SHA512
  
  3e85029ab32a4bfafe5d0c95022bcfcf23129e3ff01c0013c721f51737fe8c1310748bdcc6f0823ee13ac88d743b6638e046a02019bf8888f7e6d1576b4171e9
Score

10^/10

persistence
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Sets service image path in registry
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy