General

  • Target

    dbvnmjhk

  • Size

    176KB

  • Sample

    220522-f2gfkabaaj

  • MD5

    8a7c7754300dab0670eaf86357a5463d

  • SHA1

    6feb3edf05a2170772cdaef20d76b7e8e07c7b81

  • SHA256

    e9325a711e0f6f605b85898c5b507d4320e1f1dc672c68172b06cda359b5107e

  • SHA512

    3075f82c4530f5b9681c5b4979faf04fee0f82af288556c97b3e534abdac8290937af2f6e915f49625f9c0b4f6375b565eb9ef8aacb548ea0a29068ecad51eb2

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs (exe.dropper)

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic          | Technique                    | ID    | Count
----------------|------------------------------|-------|------
Defense Evasion | Modify Registry              | T1112 | 1
Discovery       | Query Registry               | T1012 | 2
Discovery       | System Information Discovery | T1082 | 2
