General
-
Target
cd580936ca0b3f64311194b22355b1eee4148c3a26ca831fea9dda5ca748aba4
-
Size
89KB
-
Sample
220521-pepm4aadbp
-
MD5
b52f6306e6c5af7bd87fab6f32a937b9
-
SHA1
e7043e9907b332b9039eeb4487959d10e05d2dc0
-
SHA256
cd580936ca0b3f64311194b22355b1eee4148c3a26ca831fea9dda5ca748aba4
-
SHA512
0f5212be7b3294cb4b86e4f884f9b750a056c34ab9d9df040481d2244659ee2c79c084747ed5cf056ae9d4d3d35563b1901dacfbec464a20ea466029916cc9cb
Static task
static1
Behavioral task
behavioral1
Sample
cd580936ca0b3f64311194b22355b1eee4148c3a26ca831fea9dda5ca748aba4.docm
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
cd580936ca0b3f64311194b22355b1eee4148c3a26ca831fea9dda5ca748aba4.docm
Resource
win10v2004-20220414-en
Malware Config
Extracted
| Language | ps1 |
| Deobfuscated |
|
| URLs |
exe.dropper
http://62.108.35.164/api.php |
Targets
-
-
Target
cd580936ca0b3f64311194b22355b1eee4148c3a26ca831fea9dda5ca748aba4
-
Size
89KB
-
MD5
b52f6306e6c5af7bd87fab6f32a937b9
-
SHA1
e7043e9907b332b9039eeb4487959d10e05d2dc0
-
SHA256
cd580936ca0b3f64311194b22355b1eee4148c3a26ca831fea9dda5ca748aba4
-
SHA512
0f5212be7b3294cb4b86e4f884f9b750a056c34ab9d9df040481d2244659ee2c79c084747ed5cf056ae9d4d3d35563b1901dacfbec464a20ea466029916cc9cb
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation