General

  • Target

    01c54922f20b727785674251e450eb1e69aaa8289f0560d550edcbd785f9bea0

  • Size

    118KB

  • Sample

    220521-esfbgacgdr

  • MD5

    e6853d39f8565fd9014a0cc0c7d6731b

  • SHA1

    d1bcfcf9818f58b389f402f534d6eb18991d6e87

  • SHA256

    01c54922f20b727785674251e450eb1e69aaa8289f0560d550edcbd785f9bea0

  • SHA512

    dd1e448f3667cf30ca93ffd6f529b1002ee9d7fb2ffb95f6188e107e5df024db954c232ea0740f38e2f1e667a95aedd46b3a4bb14871ae55b4593ac3b416ee12

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs (each of type exe.dropper)

    http://www.agentstepp.com/ww12/6ZI/
    http://badaia.net/baiaseu/m4G4chJ/
    http://www.bambagiotti.it/shop/ymwU6/
    http://bbcalegal.com/attachments/AAyd/
    http://mezes.de/title_htm_files/Mb/
    http://computerfastfix.co.uk/css/DXj/
    http://sacentrs.lv/wp-content/uploads/2018/Cc/

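The seven exe.dropper URLs are the actionable part of this config. Below is an added example (not part of the sandbox report) that turns them into host and host+path indicators and sweeps a proxy log for hits. It keeps hostnames separately from full URLs because a list of several same-type URLs usually means the PowerShell stager walks them until one download succeeds and operators rotate the path component most often, so a host-level block survives a path change; that reading of the config is an assumption. The squid-style log lines and their field layout are constructed for the demo.

```python
"""Derive blocklist indicators from the extracted exe.dropper URLs and
sweep a proxy log for requests to them. Added example; not part of the
sandbox report. SAMPLE_LOG lines are constructed, not real traffic."""
from urllib.parse import urlsplit

# The seven exe.dropper URLs exactly as listed in the extracted config.
DROPPER_URLS = [
    "http://www.agentstepp.com/ww12/6ZI/",
    "http://badaia.net/baiaseu/m4G4chJ/",
    "http://www.bambagiotti.it/shop/ymwU6/",
    "http://bbcalegal.com/attachments/AAyd/",
    "http://mezes.de/title_htm_files/Mb/",
    "http://computerfastfix.co.uk/css/DXj/",
    "http://sacentrs.lv/wp-content/uploads/2018/Cc/",
]


def extract_iocs(urls):
    """Return (hosts, paths): a set of lowercase hostnames and a set of
    (host, path) pairs. Hosts are kept on their own because the path is
    the part most likely to be rotated (assumption about this sample)."""
    hosts = set()
    paths = set()
    for u in urls:
        parts = urlsplit(u)
        host = parts.hostname.lower()
        hosts.add(host)
        paths.add((host, parts.path))
    return hosts, paths


def classify_request(host, path, hosts, paths):
    """'exact' when the request is at or under an extracted URL,
    'host' when only the hostname matches, None otherwise."""
    host = host.lower()
    for h, p in paths:
        if h == host and path.startswith(p):
            return "exact"
    if host in hosts:
        return "host"
    return None


def sweep_proxy_log(lines, urls=DROPPER_URLS):
    """Parse constructed squid-style lines (timestamp client method url
    status) and return [(url, verdict)] for every hit, in log order."""
    hosts, paths = extract_iocs(urls)
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, skip rather than crash
        url = fields[3]
        parts = urlsplit(url)
        if not parts.hostname:
            continue
        verdict = classify_request(parts.hostname, parts.path, hosts, paths)
        if verdict:
            hits.append((url, verdict))
    return hits


# Constructed sample log lines (not from the report).
SAMPLE_LOG = [
    "1653141200.123 10.0.0.12 GET http://www.agentstepp.com/ww12/6ZI/ 200",
    "1653141201.456 10.0.0.12 GET http://badaia.net/baiaseu/m4G4chJ/ 404",
    "1653141202.789 10.0.0.12 GET http://mezes.de/other/path/ 200",
    "1653141203.000 10.0.0.13 GET http://example.org/index.html 200",
]

if __name__ == "__main__":
    for url, verdict in sweep_proxy_log(SAMPLE_LOG):
        print(f"{verdict:5s} {url}")
```

A 'host' verdict on a path the config does not list (the third constructed line) is the case worth escalating: it suggests either a rotated path or a second stage on the same compromised host, and a blocklist built only from full URLs would miss it.
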
Targets

    • Target

      sample

    • Size

      250KB

    • MD5

      5beff240d2fdcb9b7f5964c013149f9a

    • SHA1

      26f56d6baaad284586fe09dbad117d79089a097a

    • SHA256

      56dcff4ecd45c2746400befa109c1dae9cb935164fba6744f71387ad5cfdbe80

    • SHA512

      e00c03d76f22f94762646f02770089ae8c32031d12607f46964cfc02176b570b5c0c2c2bd9c3a84223ce97b5fc936c37a02206f0bfb3f85236d70a3f5171aae1

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

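The three signatures above are behavioural, so they can be reproduced on an endpoint from process, network and file telemetry. Below is an added example (not the sandbox's own rules) that expresses each as a check over Sysmon-style event records: EventID 1 for process creation, 3 for network connections, 11 for file creation. The choice of Office applications as the compromised parent and script hosts as the unexpected child follows the report's mention of a macro and a ps1 config but is an assumption, as are the System32 writer allowlist and the sample events, which are constructed.

```python
"""Re-implement the report's three behavioural signatures as checks over
Sysmon-style events (EID 1 process create, EID 3 network connect, EID 11
file create). Added example, not the sandbox's own rules; the process
sets, the allowlist and SAMPLE_EVENTS are constructed assumptions."""
from pathlib import PureWindowsPath

# Assumption: the report mentions a macro and a ps1 config, so Office
# applications are the expected compromised parents and script hosts the
# unexpected children.
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
SYSTEM32_PARTS = ("c:\\", "windows", "system32")


def image_name(path):
    """Lowercase basename of a Windows image path."""
    return PureWindowsPath(path).name.lower()


def unexpected_child_process(ev):
    """Signature 1: a document handler launched a script host."""
    return (ev["EventID"] == 1
            and image_name(ev["ParentImage"]) in DOCUMENT_HANDLERS
            and image_name(ev["Image"]) in SCRIPT_HOSTS)


def blocklisted_process_network(ev, blocklist=SCRIPT_HOSTS):
    """Signature 2: a blocklisted process opened a network connection.
    The blocklist reuses SCRIPT_HOSTS here (assumption)."""
    return ev["EventID"] == 3 and image_name(ev["Image"]) in blocklist


def drops_file_in_system32(ev):
    """Signature 3: a file created under C:\\Windows\\System32 by a process
    whose own image is not under C:\\Windows (assumed allowlist)."""
    if ev["EventID"] != 11:
        return False
    parts = tuple(p.lower() for p in PureWindowsPath(ev["TargetFilename"]).parts)
    if len(parts) <= len(SYSTEM32_PARTS) or parts[:3] != SYSTEM32_PARTS:
        return False
    writer = tuple(p.lower() for p in PureWindowsPath(ev["Image"]).parts)
    return writer[:2] != ("c:\\", "windows")


SIGNATURES = {
    "Process spawned unexpected child process": unexpected_child_process,
    "Blocklisted process makes network request": blocklisted_process_network,
    "Drops file in System32 directory": drops_file_in_system32,
}


def triage(events):
    """Return [(signature, ProcessId)] for every event that trips a check,
    in event order."""
    hits = []
    for ev in events:
        for name, check in SIGNATURES.items():
            if check(ev):
                hits.append((name, ev["ProcessId"]))
    return hits


# Constructed events (not from the report). Only the last three should fire.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 1200, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"EventID": 11, "ProcessId": 900, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\System32\config\systemprofile\x.log"},
    {"EventID": 1, "ProcessId": 3344,
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"EventID": 3, "ProcessId": 3344,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "DestinationIp": "203.0.113.10"},
    {"EventID": 11, "ProcessId": 4120,
     "Image": r"C:\Users\user\AppData\Local\Temp\drop.exe",
     "TargetFilename": r"C:\Windows\System32\drop.exe"},
]

if __name__ == "__main__":
    for name, pid in triage(SAMPLE_EVENTS):
        print(f"PID {pid}: {name}")
```

The first two constructed events (Explorer launching Word, svchost writing under System32) are the benign baseline each check must stay quiet on; a parent/child rule without the parent constraint, or a System32 rule without a writer allowlist, would page on every Windows host.
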
MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks