General

  • Target

    order 17052022.pdf_

  • Size

    30KB

  • Sample

    220517-x4dk5agcc3

  • MD5

    f7da10c601fc5c0c2caef9f4e06508ad

  • SHA1

    b1f40f4752866c30fbd6654f4844d13ae2958946

  • SHA256

    0bf9fd42a0dc842dfe8ad1d5fdaa3f74e5e2ff602887dcfdbc14466f51eef6e0

  • SHA512

    999c1cf265bd24b51a75bbe6651b2c5b7637b8df6e89a5740e31b6d9e9a74bff19c5ddd8fb445d42cfbe01f26c92db0afa273480f85895a83530ed68a9a392c3

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper
    https://www.mediafire.com/file/ivgr6qe4jfzd1w9/14.dll/file

Targets

    • Target

      order 17052022.pdf_

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1
    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 4
    Install Root Certificate (T1130): 1

  • Discovery

    System Information Discovery (T1082): 3
    Query Registry (T1012): 2

Tasks