Overview

overview

10

Static

static

8

UPS-BJ8MNB...QJ.doc

windows7_x64

10

UPS-BJ8MNB...QJ.doc

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    017fc57f2e5d453ffb3694b2cc8c405e61999da0198d934fa9e9bac7aeffbc2c

  • Size

    79KB

  • Sample

    220502-zwsq7aaga4

  • MD5

    f25becb012b68018f2dcbd1940199c80

  • SHA1

    6d3467458aa58e28be1a71c64eeb34b9b91d6420

  • SHA256

    017fc57f2e5d453ffb3694b2cc8c405e61999da0198d934fa9e9bac7aeffbc2c

  • SHA512

    d981e6918860f0ff421589238a0e337137e246ecfb7de8c5bf9ab282cf8089d29f6a6db2dff1024c78d01a31a133ad7ef56c2fd44f684c20c3e912f4bb9bdc57

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://kompy.cba.pl/gif/lN_dl/
exe.dropper

http://fisiobianchini.com.br/wp-content/uploads/2016/05/S_U/
exe.dropper

http://dev.dimatech.org/wp-admin/Hu_jj/
exe.dropper

http://juangrela.com/admin/bB_m/
exe.dropper

http://coupedecheveux.org/yu71t1x/c_V/

Targets

    • Target

      UPS-BJ8MNBX02UY0QJ.js

    • Size

      161KB

    • MD5

      3a864f7c64c77a701b9aec3dbcb4389f

    • SHA1

      1a1cfdbbded9a84be91aac5064a21c591710049c

    • SHA256

      46946372c81802503f01b6d9739fd4dd9fe39225973c8b9c22ef625666d48deb

    • SHA512

      9d602204fdbb18243c1aa28a293618aa588406a593f949807e30f8b4d20e95b94582687b251b86a10edb9625f7cca89dd8def77cdb86af0acb8300ec08a6d9ac

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks