Overview

overview

10

Static

static

7af935b7cd...13.doc

windows7_x64

10

7af935b7cd...13.doc

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7af935b7cd7ddc1383ca817ba41f0784340459331754fcdfa4348fc2a2fe7813

  • Size

    248KB

  • Sample

    220520-gdgl4accf6

  • MD5

    c918f47fda0745fedaca86195397ace0

  • SHA1

    90367cd9c7d83d6028e0125123541a138c5a82d6

  • SHA256

    7af935b7cd7ddc1383ca817ba41f0784340459331754fcdfa4348fc2a2fe7813

  • SHA512

    894663307c2bc59f31ac3fd5ae6934971dd8b7beebbbcb18de5d020ad43309baf8a1012662c33b195dc1bd3bfcaae45a87e5b5ef396cb58d0e56f0956fb781ac

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://ttobus.com/ZtzZFiHGL_r
exe.dropper

http://bilanacc.com/P7BuwLoQsTjP0hBVF
exe.dropper

http://gclubfan.com/ahjpTwNsvu2X_Q7h
exe.dropper

http://katariahospital.com/tquLevYG
exe.dropper

http://pjfittedkitchens.com/uerfWET_jrbze

Targets

    • Target

      7af935b7cd7ddc1383ca817ba41f0784340459331754fcdfa4348fc2a2fe7813

    • Size

      248KB

    • MD5

      c918f47fda0745fedaca86195397ace0

    • SHA1

      90367cd9c7d83d6028e0125123541a138c5a82d6

    • SHA256

      7af935b7cd7ddc1383ca817ba41f0784340459331754fcdfa4348fc2a2fe7813

    • SHA512

      894663307c2bc59f31ac3fd5ae6934971dd8b7beebbbcb18de5d020ad43309baf8a1012662c33b195dc1bd3bfcaae45a87e5b5ef396cb58d0e56f0956fb781ac

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks