82e1e3df0f694eb0211a9d5291b43356953764557f25bd7b7b1de129b520ed17 | Triage

Submit
Reports

Overview

overview

Static

static

8

82e1e3df0f...7.dotm

windows7_x64

82e1e3df0f...7.dotm

windows10-2004_x64

Sharing

General

Target

82e1e3df0f694eb0211a9d5291b43356953764557f25bd7b7b1de129b520ed17
Size

153KB
Sample

220520-1wgjlaheer
MD5

d717d96065b8fb5fb93ba5766d96eb34
SHA1

12039b3e2b7e484d70509b1aebc2ee778ad05fc3
SHA256

82e1e3df0f694eb0211a9d5291b43356953764557f25bd7b7b1de129b520ed17
SHA512

8f7514795ade123c0c35375c8f36e843925fcf735a441c1431e897bb4dbf9a28db6bd4dc68c2fcbe1fe735793171c258661d5ed9ec6cdb4fe58d5aa692a4411e

Score

10^/10

macro

Static task

static1

Behavioral task

behavioral1

Sample

82e1e3df0f694eb0211a9d5291b43356953764557f25bd7b7b1de129b520ed17.dotm

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

82e1e3df0f694eb0211a9d5291b43356953764557f25bd7b7b1de129b520ed17.dotm

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://think1.com/wp-content/upgrade/2na4-4q5g-751619964/

exe.dropper

http://broadpeakdefense.com/fbsgf/McZcBMeM/

exe.dropper

https://lecairtravels.com/wp-admin/bXwjcdeg/

exe.dropper

https://www.biyunhui.com/fj/wbTKndf/

exe.dropper

http://nautcoins.com/wp-includes/AcZxFxQ/

Targets

- Target
  
  82e1e3df0f694eb0211a9d5291b43356953764557f25bd7b7b1de129b520ed17
- Size
  
  153KB
- MD5
  
  d717d96065b8fb5fb93ba5766d96eb34
- SHA1
  
  12039b3e2b7e484d70509b1aebc2ee778ad05fc3
- SHA256
  
  82e1e3df0f694eb0211a9d5291b43356953764557f25bd7b7b1de129b520ed17
- SHA512
  
  8f7514795ade123c0c35375c8f36e843925fcf735a441c1431e897bb4dbf9a28db6bd4dc68c2fcbe1fe735793171c258661d5ed9ec6cdb4fe58d5aa692a4411e
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy