General

  • Target

    46946372c81802503f01b6d9739fd4dd9fe39225973c8b9c22ef625666d48deb

  • Size

    161KB

  • Sample

    220418-mrtfpsfcb2

  • MD5

    3a864f7c64c77a701b9aec3dbcb4389f

  • SHA1

    1a1cfdbbded9a84be91aac5064a21c591710049c

  • SHA256

    46946372c81802503f01b6d9739fd4dd9fe39225973c8b9c22ef625666d48deb

  • SHA512

    9d602204fdbb18243c1aa28a293618aa588406a593f949807e30f8b4d20e95b94582687b251b86a10edb9625f7cca89dd8def77cdb86af0acb8300ec08a6d9ac

Score
10/10

Malware Config

Extracted

Language: ps1 (deobfuscated)

URLs (exe.dropper):

  • http://kompy.cba.pl/gif/lN_dl/
  • http://fisiobianchini.com.br/wp-content/uploads/2016/05/S_U/
  • http://dev.dimatech.org/wp-admin/Hu_jj/
  • http://juangrela.com/admin/bB_m/
  • http://coupedecheveux.org/yu71t1x/c_V/

Targets

    • Target: 46946372c81802503f01b6d9739fd4dd9fe39225973c8b9c22ef625666d48deb
    • Size: 161KB
    • MD5: 3a864f7c64c77a701b9aec3dbcb4389f
    • SHA1: 1a1cfdbbded9a84be91aac5064a21c591710049c
    • SHA256: 46946372c81802503f01b6d9739fd4dd9fe39225973c8b9c22ef625666d48deb
    • SHA512: 9d602204fdbb18243c1aa28a293618aa588406a593f949807e30f8b4d20e95b94582687b251b86a10edb9625f7cca89dd8def77cdb86af0acb8300ec08a6d9ac

    Score: 10/10

    Signatures
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion
  • Modify Registry (T1112): 1

Discovery
  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 2

Tasks