General

  • Target: ab37d198e0a1aa5ea37a6a4ebfccf8f6f175f3e97f77261b9a4813a4c7e2c1c4
  • Size: 141KB
  • Sample: 220521-ayn4cabac2
  • MD5: d2cc5525e1d27ab1814bf89562efd8d9
  • SHA1: 278d0e253423ba2e83f1b3851465251c209a8580
  • SHA256: ab37d198e0a1aa5ea37a6a4ebfccf8f6f175f3e97f77261b9a4813a4c7e2c1c4
  • SHA512: 59725072fd48b6853e938ad289b8fe893fa48f61a0a0f5e3c377ba85f63514b55577b78e6bf7a3bd32b8d46a5f400805b64dd51965ed431f76a2d19a46a01191

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated URLs (all of type exe.dropper):
    http://www.niteshagrico.com/z7ISltpB
    http://www.tenmiengiarenhat.com/bIfcRi8Kc
    http://www.hopeintlschool.org/ebIV1do
    http://www.dnenes.com.mx/Wmv9Lwru
    http://kynangtuhoc.com/h6pTDOH

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1
  • Discovery: Query Registry (T1012), 2
  • Discovery: System Information Discovery (T1082), 2
