General

  • Target: d8a7d0dfb3835974e441cb2bd9af7a13aa323e5de8a29c7e9eecf4632d5ecd04
  • Size: 374KB
  • Sample: 220521-d7fp4sbhhr
  • MD5: c813db2a4fa3bfa781355e32c6ef240c
  • SHA1: 712d8eb4b27c384e38c0f15eb2660bcf76aa3f1f
  • SHA256: d8a7d0dfb3835974e441cb2bd9af7a13aa323e5de8a29c7e9eecf4632d5ecd04
  • SHA512: caa1fc811c4147fb16eba68d11bf8751f4c455438fdec12de7cedbb7a39e3390a43d7c7aad0ea276212158544f640af0398b4df7388dd64ebfabd541ea0b04e8

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (each tagged exe.dropper):

      http://podosenengk12.com/rtjyw/555555.png
      http://accent-granit.com/urjikh/555555.png
      http://wisedata.technology/xhpcvntvdmj/555555.png
      http://kahnamoei.com/vatopbv/555555.png
      http://carpalette-hachinohe.com/pdfdxenf/555555.png
      http://jung-versand.net/dbjqzkp/555555.png

Targets

    • Target: 13_08_2020_62967988.doc
    • Size: 381KB
    • MD5: 3d52b1e551984e203f02d9dcbd8e7e8b
    • SHA1: 369dbac4370c025651892ce036dbfd82fbbb4ef2
    • SHA256: 37a4488c88924394c225a530ace9dc09a4507d913bea46c49ce14ff43b40f6b8
    • SHA512: 7ad63084e0c51727866c784b31bf3a77ea68b28b061327b2e8f8e39e6e2834f77aa69a9922294ca362fa5b4b695762e9fa3c28b1bf2584be9611102e21008e53

    Score: 10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                      Count  ID
  Defense Evasion  Modify Registry                1      T1112
  Discovery        Query Registry                 3      T1012
  Discovery        System Information Discovery   4      T1082

Tasks