General

  • Target: 95486e2d7bdf753ab5dd9caeb51cbb91a06f11521db0fea52573e902a03da112
  • Size: 165KB
  • Sample: 220521-ab2qxsaaa4
  • MD5: 5988dff21b137091544a4ad9ae7def47
  • SHA1: 35523d127211d1b0d6d5c202e866ee1b3f62ce04
  • SHA256: 95486e2d7bdf753ab5dd9caeb51cbb91a06f11521db0fea52573e902a03da112
  • SHA512: 522fc86635dc60c34ebc5438f011cda0abca1d8f64f93355919af0b65406031290e2c8f073bfb9b214c698798062821b52c3e6f5470f4e50c2c0e33b61f6a056

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (all of type exe.dropper):
    - http://kellydarke.com/wp-content/Sd/
    - http://aram-designs.com/en/Z53/
    - http://basinhayati.net/wp-admin/Q0aw/
    - http://7cut.extroliving.com/wp-content/3LYGE/
    - http://allcosmeticsource.com/allcosmeticsource/OT9bg/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                       ID      #
  Defense Evasion   Modify Registry                 T1112   1
  Discovery         Query Registry                  T1012   2
  Discovery         System Information Discovery    T1082   2
