General

  • Target

    hyxrrrnz

  • Size

    173KB

  • Sample

    220522-f54ehabbgn

  • MD5

    d89784df6e0066bd3d7fef707354c69b

  • SHA1

    c5b32e8491994855cb143c1a6f3e3579b97a0395

  • SHA256

    4ffa47e0f118abfe29b729542aaa390586651144b3c79a2272f3808bc4f4310a

  • SHA512

    b2e8c599f77aa79ed7e2a0e010aa89e1a89509825a6580feb5e1b7724cf4ac7379fb0a7936ec2ae6e56c6830f3da381309a90e601121085db653fad7aef3879c

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion
    • Modify Registry (T1112): 1

Discovery
    • Query Registry (T1012): 2
    • System Information Discovery (T1082): 2