General

  • Target

    93fcd07914e0048fa7736f68ea8c0fc7d2226858b85b18e201f326fd374c8385

  • Size

    98KB

  • Sample

    220520-1cz7ladgc7

  • MD5

    c0e52e004a468ba1659a8602bb8559f2

  • SHA1

    27d72452bb381e26b31633ba108080d505d2c5c1

  • SHA256

    93fcd07914e0048fa7736f68ea8c0fc7d2226858b85b18e201f326fd374c8385

  • SHA512

    4f8c62f5fb6d45cb7f13c988d05530f5731c80ef813c8461e582291e34bc97bd781b6805a122da8ac50cbef1eedd5aff07981900bce8a71bc67c15c8c3d140fc

Score
10/10

Malware Config

  • Extracted

    Language: ps1
    Deobfuscated
    URLs (exe.dropper):

      http://manandvanwaterlooville.co.uk/wp-admin/prX892/
      https://uniral.com/captchasignup/4J579681/
      https://scyzm.net/lkx7/lqoH8S/
      https://amagna.nl/DZ9MzAobu3/37Z/
      https://nilinkeji.com/online/90fb31/

Targets

    • Target

      sample

    • Size

      169KB

    • MD5

      bbc5e55ddd512ad5325330fbda5b1af4

    • SHA1

      a8e09273cb14d671c1c43092aaa69ab4c2c8107f

    • SHA256

      1c187c365fd10f23486d9c28e7710e89ef4eaf12ce4a60fa73a1e764bf3982d9

    • SHA512

      c5266b582ecc00079edfd91679edfd0de9a504581d0566f9454dd9b466d1206f7c7e17e6711f7081ede3d0f9c9469e29014ebda815b491d6fe1e8087c6cd7aef

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2
