General

  • Target

    11372b64d5b2d1985613084cd81164f95fc5d9259cfdce779df923ec269a3d0f

  • Size

    121KB

  • Sample

    220520-12cslahfhl

  • MD5

    a358827add91001aa0c589bd64bae2fa

  • SHA1

    10a7180d4a4f25e6c8e8415a64c02028a011472b

  • SHA256

    11372b64d5b2d1985613084cd81164f95fc5d9259cfdce779df923ec269a3d0f

  • SHA512

    1ce4ab7d9bb97b8d915283607c9415a09dac3ef17aa9d6cf0792a7de2904802e0a083fff15d0c1d7efaf30e95a48b386bdac3ac4a8aff5ebf3f92180d96a47b3

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs (exe.dropper)

    http://casaroomz.com/wp-includes/rPG/
    http://necibekulac.com/wp-content/dTl4ul/
    https://www.homeonetechnologies.com/blog/dcy/
    http://todoparaelconfort.com/cgi-bin/wp/
    http://aadarshitibhusawal.org/wp-includes/amI/
    http://digiarmedia.com/wp-admin/8/
    http://avcumda.com/huseyingulgec.com.tr/cO1DS8G/

Targets

    • Target

      sample

    • Size

      231KB

    • MD5

      cb235ef0104c8ed67cdb12d17dba8e02

    • SHA1

      da7fd08657a9c17d2efe87754218dbd7851212d3

    • SHA256

      39af19338e24f5fcea02d5777af1f45eef1669e7834311632f223524b7e773c4

    • SHA512

      cb31003906e4140029cd688091f20d2d433df803f295198a48d84eb5b6ac48faafb325acef91e044987dbf63b23d5630f39a926ac1cfafaecabc799bb42f78e5

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks