General

  • Target: c11eb5e233cd0b35d2d66853ba6f02b1a1ebc0cee3bac6725e54040fcc2c3125
  • Size: 98KB
  • Sample: 220520-z5ln8sded2
  • MD5: 82cb854c03d62c6afaf9b764e26f1285
  • SHA1: f151e33b8cc6513ae4e2d351ea3f1aea4777f749
  • SHA256: c11eb5e233cd0b35d2d66853ba6f02b1a1ebc0cee3bac6725e54040fcc2c3125
  • SHA512: d45d12388bfd22861258b7ba108e88e1894a4909898bdfdcb0a8943d9d2e12adf79879da0ba5a6517fbf0e195d413effdf862d83bcfe69427b498e48b6e72ad5

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper):
    http://manandvanwaterlooville.co.uk/wp-admin/prX892/
    https://uniral.com/captchasignup/4J579681/
    https://scyzm.net/lkx7/lqoH8S/
    https://amagna.nl/DZ9MzAobu3/37Z/
    https://nilinkeji.com/online/90fb31/

Targets

  • Target: sample
  • Size: 169KB
  • MD5: 1b8bb729ea50f3693ab40f7d666dd989
  • SHA1: 12806d2409ee1842ab8b8cfcedc5b7f94605000c
  • SHA256: 21a4526681f542f3066046ac15cf21e2d5e9d49314df6b742be7b46d67f8f0a7
  • SHA512: f5d982a58ae70d5ff6aa767895dc2a4280ae3bfa0777f72d020736ed59be72bb48c05c3c77879fa124cd964635db3573ea768e4501e0b126388e4646fa7434fa

  Score: 10/10

  • Process spawned unexpected child process
    This typically indicates the parent process was compromised via an exploit or macro.
  • Blocklisted process makes network request
  • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112): 1
  • Discovery: Query Registry (T1012): 2
  • Discovery: System Information Discovery (T1082): 2

Tasks