Overview

overview

10

Static

static

8

UPS-E67JRV4SZIKQO.doc

windows7_x64

10

UPS-E67JRV4SZIKQO.doc

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3a60267e07f87febd467eef422489cc51148e9efa3e6151a8120cb7cdbfba962

  • Size

    79KB

  • Sample

    220418-mrwaasfcb4

  • MD5

    10a4f9d6d9227c2b39faa44cc1802369

  • SHA1

    2ad597bdd9ede066b7edc4b13bc46c69cbb65680

  • SHA256

    3a60267e07f87febd467eef422489cc51148e9efa3e6151a8120cb7cdbfba962

  • SHA512

    5cf796fdf9cdcb23a05a134a847506d85b2bcecbb551380c7cdaceb9a37a2b34853cecfa31acc252cc7dd3053f123dfa76e48b6a47ef6f7ccae0f2fad2ea6ef6

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://kompy.cba.pl/gif/lN_dl/
exe.dropper

http://fisiobianchini.com.br/wp-content/uploads/2016/05/S_U/
exe.dropper

http://dev.dimatech.org/wp-admin/Hu_jj/
exe.dropper

http://juangrela.com/admin/bB_m/
exe.dropper

http://coupedecheveux.org/yu71t1x/c_V/

Targets

    • Target

      UPS-E67JRV4SZIKQO.js

    • Size

      161KB

    • MD5

      3a864f7c64c77a701b9aec3dbcb4389f

    • SHA1

      1a1cfdbbded9a84be91aac5064a21c591710049c

    • SHA256

      46946372c81802503f01b6d9739fd4dd9fe39225973c8b9c22ef625666d48deb

    • SHA512

      9d602204fdbb18243c1aa28a293618aa588406a593f949807e30f8b4d20e95b94582687b251b86a10edb9625f7cca89dd8def77cdb86af0acb8300ec08a6d9ac

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks