General

  • Target

    emo99.xls

  • Size

    142KB

  • Sample

    220204-qlm9aaadfp

  • MD5

    151a3a0128124613ed535a0c94fef154

  • SHA1

    202916a33701b5db729211b462a6abb94f98c1fa

  • SHA256

    8ddd5a2055cae9fa9e49ac6f4827d99d40d0ca74e880f521bc33079fb0d9405c

  • SHA512

    0732461d273e576a817cd220f1e0e1830e9bf02434142a66fb7093ca9bf29f35123db59e571aad7e3d49bec67d021300955849c6224b57e958dc97f6dcf34335

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (all tagged exe.dropper)

    http://goyaluat.vmesh.in/0v6kcny/CG/
    https://mars.srl/wp-admin/7Ffk6LLN2Xs2W/
    http://franmulero.es/mbx/8c5RBJx6/
    http://varafood.com/Ajax/cnM91G/
    https://7jcat.com/wp-content/t/
    http://blog.centralhome.hu/wp-content/pB1RfPCnBlS1WfpcOL/
    http://zimrights.co.zw/oldsite/k0EoCWycU9tNo1d/
    https://mudhands.com/error/BfH/
    http://albatrospatagonia.com/phkcvt/t53ceSMDqgPQlq/
    http://mapcommunications.co.zw/wp-admin/mdRRbSdU3aB7Xpx6z/
    http://odconsult.co.uk/ALFA_DATA/HHr0FqOXAn62/
    http://dushkin.net/img/bhQSTNicEMtNQxP/
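The twelve exe.dropper URLs extracted from the PowerShell stage are the locations the script tries for the second-stage executable, so they are the first thing to turn into blocklist and hunting material. The following Python is added here as a worked example; it is not part of the sandbox report or of any tooling the report describes. The URLs and the four hashes are copied from the report; the helper names, the defanging convention and the per-host split are this example's own.

```python
import hashlib
from urllib.parse import urlsplit

# Hashes of emo99.xls exactly as listed in the report (copied from the page).
REPORT_HASHES = {
    "md5": "151a3a0128124613ed535a0c94fef154",
    "sha1": "202916a33701b5db729211b462a6abb94f98c1fa",
    "sha256": "8ddd5a2055cae9fa9e49ac6f4827d99d40d0ca74e880f521bc33079fb0d9405c",
    "sha512": "0732461d273e576a817cd220f1e0e1830e9bf02434142a66fb7093ca9bf29f35"
              "123db59e571aad7e3d49bec67d021300955849c6224b57e958dc97f6dcf34335",
}

# The exe.dropper URLs from the deobfuscated PowerShell (copied from the page).
DROPPER_URLS = [
    "http://goyaluat.vmesh.in/0v6kcny/CG/",
    "https://mars.srl/wp-admin/7Ffk6LLN2Xs2W/",
    "http://franmulero.es/mbx/8c5RBJx6/",
    "http://varafood.com/Ajax/cnM91G/",
    "https://7jcat.com/wp-content/t/",
    "http://blog.centralhome.hu/wp-content/pB1RfPCnBlS1WfpcOL/",
    "http://zimrights.co.zw/oldsite/k0EoCWycU9tNo1d/",
    "https://mudhands.com/error/BfH/",
    "http://albatrospatagonia.com/phkcvt/t53ceSMDqgPQlq/",
    "http://mapcommunications.co.zw/wp-admin/mdRRbSdU3aB7Xpx6z/",
    "http://odconsult.co.uk/ALFA_DATA/HHr0FqOXAn62/",
    "http://dushkin.net/img/bhQSTNicEMtNQxP/",
]


def defang(url):
    """Render a URL so it cannot be clicked or auto-linked: hxxp(s) scheme, [.] in the host."""
    p = urlsplit(url)
    scheme = p.scheme.replace("http", "hxxp")   # http -> hxxp, https -> hxxps
    host = p.hostname.replace(".", "[.]")
    return f"{scheme}://{host}{p.path}"


def indicators(urls):
    """Split each URL into the pieces you block or hunt on separately (host, path, TLS)."""
    out = []
    for u in urls:
        p = urlsplit(u)
        out.append({"url": u, "host": p.hostname, "path": p.path,
                    "tls": p.scheme == "https", "defanged": defang(u)})
    return out


def unique_hosts(urls):
    """Distinct hosts, for a DNS/proxy blocklist; compromised sites share no domain here."""
    return sorted({urlsplit(u).hostname for u in urls})


def digest_all(data):
    """MD5/SHA1/SHA256/SHA512 of the given bytes, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def compare_to_report(data):
    """Per-algorithm match against the report; all four must agree for a real match."""
    actual = digest_all(data)
    return {name: actual[name] == expected for name, expected in REPORT_HASHES.items()}


def is_report_sample(data):
    return all(compare_to_report(data).values())


if __name__ == "__main__":
    import sys
    for ioc in indicators(DROPPER_URLS):
        print(ioc["defanged"])
    print(len(unique_hosts(DROPPER_URLS)), "distinct hosts")
    # Optional: pass a local file to check whether it is the sample from this report.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(compare_to_report(fh.read()))
```

Checking all four digests rather than only MD5 matters because MD5 and SHA1 collisions are practical; a match on every listed algorithm is what the report actually pins down. The defanged form is what belongs in a ticket or a shared report, the raw host list is what goes to the proxy or DNS sinkhole.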

Targets

    • Target

      emo99.xls

    • Size

      142KB

    • MD5

      151a3a0128124613ed535a0c94fef154

    • SHA1

      202916a33701b5db729211b462a6abb94f98c1fa

    • SHA256

      8ddd5a2055cae9fa9e49ac6f4827d99d40d0ca74e880f521bc33079fb0d9405c

    • SHA512

      0732461d273e576a817cd220f1e0e1830e9bf02434142a66fb7093ca9bf29f35123db59e571aad7e3d49bec67d021300955849c6224b57e958dc97f6dcf34335

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Sets service image path in registry
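The two signatures above are the host-side behaviours a detection engineer can key on: an Office process launching a script interpreter, and a write to a service's ImagePath value. The following Python is added here as a worked example and is not part of the sandbox report; it runs those two rules over a handful of constructed process-creation and registry-set events. The Excel-to-PowerShell pairing is an assumption drawn from the .xls target and the ps1 payload language, and the event layout, the Office/child lists and the user-writable-directory heuristic are this example's own.

```python
import csv
import io
import re

# Office hosts that should not be launching script interpreters in a normal user session.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# Children that are the usual second stage of a macro or Excel 4.0 dropper.
SCRIPT_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                   "mshta.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe"}
# A service's binary path lives at HKLM\SYSTEM\<control set>\Services\<name>\ImagePath.
IMAGEPATH_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.IGNORECASE)
# Directories a service binary has no business living in (heuristic, this example's assumption).
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\temp\\", "\\appdata\\")

# Constructed sample telemetry, not taken from the report. Columns mirror the fields a
# Sysmon process-create (EID 1) or registry value-set (EID 13) event gives you.
SAMPLE_EVENTS = r"""event,ts,parent_image,image,target,value
process_create,2022-02-04T10:01:02Z,C:\Windows\explorer.exe,C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE,,EXCEL.EXE C:\Users\alice\Downloads\invoice.xls
process_create,2022-02-04T10:01:09Z,C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,,powershell -w hidden -enc <base64>
process_create,2022-02-04T10:02:00Z,C:\Windows\explorer.exe,C:\Program Files\Google\Chrome\Application\chrome.exe,,chrome.exe
process_create,2022-02-04T10:02:30Z,C:\Windows\System32\cmd.exe,C:\Windows\System32\PING.EXE,,ping 127.0.0.1
process_create,2022-02-04T10:03:00Z,C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE,C:\Windows\System32\wscript.exe,,wscript stage.vbs
registry_set,2022-02-04T10:03:30Z,,C:\Windows\System32\services.exe,HKLM\SYSTEM\CurrentControlSet\Services\Spooler\ImagePath,C:\Windows\System32\spoolsv.exe
registry_set,2022-02-04T10:04:00Z,,C:\Users\Public\svc.exe,HKLM\SYSTEM\CurrentControlSet\Services\UpdSvc\ImagePath,C:\Users\Public\svc.exe
registry_set,2022-02-04T10:04:10Z,,C:\Windows\System32\reg.exe,HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Start,2
"""


def basename(path):
    """Lower-cased file name of a Windows path ('' stays '')."""
    return path.rsplit("\\", 1)[-1].lower()


def office_spawned_script_host(ev):
    """Signature 1: an Office parent creating a script interpreter or LOLBin child."""
    return (ev["event"] == "process_create"
            and basename(ev["parent_image"]) in OFFICE_PARENTS
            and basename(ev["image"]) in SCRIPT_CHILDREN)


def service_imagepath_set(ev):
    """Signature 2: a service ImagePath written by something other than the SCM,
    or pointed at a binary in a user-writable location."""
    if ev["event"] != "registry_set" or not IMAGEPATH_RE.match(ev["target"]):
        return False
    value = ev["value"].lower().strip('"')
    return (basename(ev["image"]) != "services.exe"
            or any(marker in value for marker in USER_WRITABLE))


RULES = {
    "office_spawned_script_host": office_spawned_script_host,
    "service_imagepath_set": service_imagepath_set,
}


def detect(csv_text):
    """Run every rule over every event; return one alert per (event, rule) hit, in event order."""
    alerts = []
    for ev in csv.DictReader(io.StringIO(csv_text)):
        for name, rule in RULES.items():
            if rule(ev):
                alerts.append({"rule": name, "ts": ev["ts"],
                               "parent": basename(ev["parent_image"]),
                               "image": basename(ev["image"]),
                               "target": ev["target"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The ImagePath rule deliberately lets services.exe write a path under C:\Windows through, since that is what a legitimate service install looks like, while still firing when the SCM is pointed at a binary dropped under C:\Users or C:\ProgramData. Tune OFFICE_PARENTS and SCRIPT_CHILDREN to the software actually deployed; the Office-to-interpreter chain is high signal on most estates, but environments that run Office automation legitimately will need an allowlist keyed on the child's command line.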
