General

  • Target: fvmnoedv
  • Size: 225KB
  • Sample: 220522-f4nbwsbbaj
  • MD5: 573d8faaeec1daf286fcb2561dccaeae
  • SHA1: e2d1331e2b7f36b14879f79e2bcd50b872a3465f
  • SHA256: b6cadd34a5aee93bc88d830b2543b9adb3af8ddbd8bae4b99b03d4ec23c03ffc
  • SHA512: 4e11a0402bb0a47a4c829910bf3364231a151825faf4b35960902c71cfd93997a72c459dd06917a46e4296b2e178dad25055071f014a925cea0db6c14f0cb1af

Score
10/10

Malware Config

Extracted

Language: ps1 (deobfuscated)

URLs (exe.dropper):

  • http://fabfastfashion.com/hebes1/ppzXffY7My/
  • http://soarflix.com/arcmulti/nA5T0999/
  • http://cloudcertitude.com/mail/Ord4990/
  • https://fzweiming.com/wp-content/Mz2592/
  • http://billingup.com/wp-admin/MfFw298/
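Turning the extracted URLs into something a defender can act on, as an added example that is not part of the sandbox report: the Python script below builds host and download-path indicators from the five exe.dropper URLs above and matches them against proxy log lines. Matching ignores the scheme because the config mixes http and https. The "client method url" log format and the sample log lines are constructed assumptions.

```python
"""Build indicators from the dropper URLs and match them against proxy logs.
Added example for this report, not code from the sandbox; the log format and
the sample log lines are constructed."""
from urllib.parse import urlsplit

# The five exe.dropper URLs extracted from the deobfuscated ps1 config above.
DROPPER_URLS = [
    "http://fabfastfashion.com/hebes1/ppzXffY7My/",
    "http://soarflix.com/arcmulti/nA5T0999/",
    "http://cloudcertitude.com/mail/Ord4990/",
    "https://fzweiming.com/wp-content/Mz2592/",
    "http://billingup.com/wp-admin/MfFw298/",
]


def normalise(url):
    """Return (host, host+path) with the scheme and trailing slash dropped, so
    http and https requests for the same download path compare equal."""
    parts = urlsplit(url)
    if not parts.hostname:
        return None, None
    host = parts.hostname.lower()
    return host, host + parts.path.rstrip("/")


def build_indicators(urls):
    """Hosts for DNS/proxy blocking plus scheme-less prefixes for the exact
    download paths."""
    hosts, prefixes = set(), set()
    for url in urls:
        host, key = normalise(url)
        if host:
            hosts.add(host)
            prefixes.add(key)
    return hosts, prefixes


def match_log_line(line, hosts, prefixes):
    """Classify one 'client method url' proxy log line (assumed format).
    'url'  : request hit one of the extracted download paths (or a file below it)
    'host' : request went to a dropper host but a different path
    None   : no indicator matched"""
    fields = line.split()
    if len(fields) < 3:
        return None
    host, key = normalise(fields[2])
    if not host:
        return None
    # Exact path or a file beneath it; the "/" guard stops Ord4990 matching Ord49901.
    if any(key == p or key.startswith(p + "/") for p in prefixes):
        return "url"
    if host in hosts:
        return "host"
    return None


def scan(lines, urls=DROPPER_URLS):
    """Return [(line, verdict)] for every log line that matched an indicator."""
    hosts, prefixes = build_indicators(urls)
    hits = []
    for line in lines:
        verdict = match_log_line(line, hosts, prefixes)
        if verdict:
            hits.append((line, verdict))
    return hits


# Constructed proxy log lines: two download-path hits (the second over http
# although the config lists https), one host-only hit, one benign request.
SAMPLE_LOG = [
    "10.0.0.12 GET http://fabfastfashion.com/hebes1/ppzXffY7My/",
    "10.0.0.12 GET http://fzweiming.com/wp-content/Mz2592/payload.bin",
    "10.0.0.12 GET http://billingup.com/wp-admin/",
    "10.0.0.12 GET https://example.com/index.html",
]

if __name__ == "__main__":
    for line, verdict in scan(SAMPLE_LOG):
        print(verdict, line)
```

Block on the host rather than the exact path: per-campaign directory names rotate, and paths under wp-content/ and wp-admin/ are consistent with compromised WordPress sites, so the host is the more durable indicator. For the same reason the host may belong to an otherwise legitimate site, so confirm before turning a temporary block into a permanent one.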

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
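The three signatures above, as an added example of the kind of check that produces them (this is not the sandbox's own rule engine): a Python evaluator run over a constructed stream of process, network and file events. The report states only that a child process was unexpected, that a blocklisted process made a network request, and that a file was written under System32; the parent/child process lists, the event layout and the sample events are assumptions.

```python
"""Replay the report's three behavioural signatures over constructed events.
Added example; the process lists, event shape and sample events are assumed."""
import ntpath

# Assumed: document and mail applications that should not spawn script hosts.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Assumed: interpreters treated as blocklisted when they reach the network.
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
SYSTEM32 = "c:\\windows\\system32\\"


def image_name(path):
    """Lower-cased basename so 'C:\\...\\POWERSHELL.EXE' matches 'powershell.exe'."""
    return ntpath.basename(path).lower()


def unexpected_child(ev):
    """Office parent launching a script host: the macro/exploit case the report describes."""
    return (ev["type"] == "process"
            and image_name(ev["parent"]) in OFFICE_PARENTS
            and image_name(ev["image"]) in SCRIPT_HOSTS)


def blocklisted_network(ev):
    return ev["type"] == "network" and image_name(ev["image"]) in SCRIPT_HOSTS


def system32_drop(ev):
    """Any write under System32, including subdirectories."""
    return ev["type"] == "file" and ev["path"].lower().startswith(SYSTEM32)


SIGNATURES = {
    "Process spawned unexpected child process": unexpected_child,
    "Blocklisted process makes network request": blocklisted_network,
    "Drops file in System32 directory": system32_drop,
}


def evaluate(events):
    """Return {signature name: [indexes of the events that fired it]}."""
    hits = {}
    for i, ev in enumerate(events):
        for name, rule in SIGNATURES.items():
            if rule(ev):
                hits.setdefault(name, []).append(i)
    return hits


# Constructed events in the shape an EDR or Sysmon feed would report for a
# macro document that launches a PowerShell downloader; the last one is benign.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"type": "process", "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": PS},
    {"type": "network", "image": PS, "dest": "fabfastfashion.com"},
    {"type": "file", "image": PS, "path": r"C:\Windows\System32\dropped.exe"},
    {"type": "process", "parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for name, idx in evaluate(SAMPLE_EVENTS).items():
        print(f"{name}: events {idx}")
```

A System32 write on its own is noisy (installers and updaters do it), and an Office application spawning cmd.exe is occasionally legitimate; it is the combination of the three on one process tree that makes this sample a confident verdict.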

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           | Technique                    | Count | ID
  -----------------|------------------------------|-------|------
  Defense Evasion  | Modify Registry              | 1     | T1112
  Discovery        | Query Registry               | 2     | T1012
  Discovery        | System Information Discovery | 2     | T1082
