b4fdb77c5b6eede55fa1025dcbd522ada24dc6fef82efbeac60934cb6a8e8005 | Triage

Submit
Reports

Overview

overview

Static

static

8

b4fdb77c5b...05.doc

windows7_x64

b4fdb77c5b...05.doc

windows10-2004_x64

Sharing

General

Target

b4fdb77c5b6eede55fa1025dcbd522ada24dc6fef82efbeac60934cb6a8e8005
Size

109KB
Sample

220201-ez4mmsgehq
MD5

be1f448868949ba25e0b199e1e3139b2
SHA1

87435983272d0ff58ffaf105452e3e6322694ed7
SHA256

b4fdb77c5b6eede55fa1025dcbd522ada24dc6fef82efbeac60934cb6a8e8005
SHA512

2834635393ff61b60a06573df17582740e8f41f6c2eb5bdda685c5d5dd494691f4a34748e9693fff3b5834c133eb969f0ba207b8b13677652f8c1dca9bf81a2d

Score

10^/10

macro persistence

Static task

static1

Behavioral task

behavioral1

Sample

b4fdb77c5b6eede55fa1025dcbd522ada24dc6fef82efbeac60934cb6a8e8005.doc

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

b4fdb77c5b6eede55fa1025dcbd522ada24dc6fef82efbeac60934cb6a8e8005.doc

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://rechholz.de/yYw1qvd/

exe.dropper

http://psd-ga.com/zapgovno/Nhfxs/

exe.dropper

http://gtdesign.ch/oFNj7EV/

exe.dropper

http://startstudio.it/nDFE7y/

Targets

- Target
  
  b4fdb77c5b6eede55fa1025dcbd522ada24dc6fef82efbeac60934cb6a8e8005
- Size
  
  109KB
- MD5
  
  be1f448868949ba25e0b199e1e3139b2
- SHA1
  
  87435983272d0ff58ffaf105452e3e6322694ed7
- SHA256
  
  b4fdb77c5b6eede55fa1025dcbd522ada24dc6fef82efbeac60934cb6a8e8005
- SHA512
  
  2834635393ff61b60a06573df17582740e8f41f6c2eb5bdda685c5d5dd494691f4a34748e9693fff3b5834c133eb969f0ba207b8b13677652f8c1dca9bf81a2d
Score

10^/10

persistence
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy