General

  • Target: 45fe53a320684b36663ffe02061c1df145d4c3ccc3aa855582f19d3e12210ec7
  • Size: 135KB
  • Sample: 220521-ar2e4aafh2
  • MD5: 5d306a8b1060e779dd27b30749c25d73
  • SHA1: f48489348a2aa9b01ed7aa7c4ea17aa3002c194e
  • SHA256: 45fe53a320684b36663ffe02061c1df145d4c3ccc3aa855582f19d3e12210ec7
  • SHA512: 14945a24d04928ec7e89f49ed1afdd71b76b2ca9ebd8b8fb536c3345be06c6c14c32699e95516749a8650c22f274ad2b5b5f6935f729141d1a7784bca0165afb

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated URLs:
    • exe.dropper: http://www.srskgroup.com/9d74kPY
    • exe.dropper: http://www.stovefree.com/Zg
    • exe.dropper: http://www.rohanpurit.com/gfnpS
    • exe.dropper: http://www.misyaland.com/q
    • exe.dropper: http://teambored.co.uk/Ps

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion
    • Modify Registry (T1112): 1
  • Discovery
    • Query Registry (T1012): 2
    • System Information Discovery (T1082): 2
