General

  • Target

    47f3f87bc57341c15aaf9fc6736ed513185e8347dcd6bed30b3248a5bbec92ee

  • Size

    197KB

  • Sample

    220520-svttjahdc5

  • MD5

    a860a6111edd723a6d8019aabff264be

  • SHA1

    0d4d323a7e118dcbcc6d2ccebb1da7de2a411672

  • SHA256

    47f3f87bc57341c15aaf9fc6736ed513185e8347dcd6bed30b3248a5bbec92ee

  • SHA512

    951c2149cde55216631becef177b03aaee4f6fcf4f242a8428936f6460b49db6a3e47e0d2f40137594bd876b1d028d856c786b3ae72128fa0a4a409eb33784c8

Score
10/10

Malware Config

  • Extracted

    Language: ps1
    Deobfuscated

  • URLs

    exe.dropper  https://haicunoi.ro/cgi-bin/2TX/
    exe.dropper  https://crosscountrysupply.com/wp-includes/OpF/
    exe.dropper  https://akuntansi.widyakartika.ac.id/wp-content/uploads/tEEe/
    exe.dropper  https://giangocngan.com/css/vK/
    exe.dropper  http://ebe.dk/_borders/cZJi/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks