General

  • Target: 3ac3302581e9f360be53466572a0b073381e27eebfbbddb6122000454b2f7bea
  • Size: 98KB
  • Sample: 220520-1tg3caecd9
  • MD5: 3d7b7db8acdd26b42b0005a074a95e9f
  • SHA1: 93ae60d24e9ccb02775da1bd9c0457ddd4888f11
  • SHA256: 3ac3302581e9f360be53466572a0b073381e27eebfbbddb6122000454b2f7bea
  • SHA512: 61f12e8f509ab1fed63a58f93330edc37f73dc7486dea04ff39a8957190daacbaa6bb60d7a2d0051cf59b9890a621f8347b3985ec414b45ebf38adffc363b554

Score: 10/10

Malware Config

Extracted

Language: ps1

Deobfuscated URLs:

  • exe.dropper: http://manandvanwaterlooville.co.uk/wp-admin/prX892/
  • exe.dropper: https://uniral.com/captchasignup/4J579681/
  • exe.dropper: https://scyzm.net/lkx7/lqoH8S/
  • exe.dropper: https://amagna.nl/DZ9MzAobu3/37Z/
  • exe.dropper: https://nilinkeji.com/online/90fb31/

Targets

    • Target: sample
    • Size: 168KB
    • MD5: 4b7649edf595eaeeb89dcd4703d0cf57
    • SHA1: 67751ef3d3fe6db82ff0fbf3d901d4b6c67d99d4
    • SHA256: c4c7bb2450ebb5a20ae3471bccf992bd7c59c3d2324d8581a6b8c139f54b9de5
    • SHA512: 0757277daedb9c749e53cc82a4225b73de26662d05edd97059852039558b0f54e78ad779c61e368d51aa78c6fe9a8ec8935f375b6a9790a92b6b584e9d007173

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 2

Tasks