General

  • Target

    hcfmjfsu

  • Size

    183KB

  • Sample

    220522-f5qhmsfgg9

  • MD5

    b66d8fe119418a8a69d1276b36eb2fc0

  • SHA1

    4b921043d94136bca5d42ad98a1b7e962a5b9af1

  • SHA256

    768f3c029cc79ae21d7c732487da93f0e8c7d19a83737f9ce7e107e3adc9054c

  • SHA512

    05c0872774d550fb5450c91ddec5ee4dc9c61cad79fa9c2980b1b6e0996d315c147fcb4331a6a841bc730d05a047411f1eeda274c32edd491547e866f6cdac07

Score
10/10

Malware Config

Extracted

  • Language
    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://superiorsurfacings.com/pc-not-qgtje/j8T3S/
    http://tenrougroup.com/j/Hb7Wf/
    http://syokmelaram.com/wp-includes/e1/
    http://advokatemelyanov.ru/administrator/OMHpK/
    http://mumglobal.com/content/DF0/
    http://mvldesign.ca/Durani/2lZs/
    https://eytsoft.com/css/Q2k/

Targets

    • Target

      hcfmjfsu

    • Size

      183KB

    • MD5

      b66d8fe119418a8a69d1276b36eb2fc0

    • SHA1

      4b921043d94136bca5d42ad98a1b7e962a5b9af1

    • SHA256

      768f3c029cc79ae21d7c732487da93f0e8c7d19a83737f9ce7e107e3adc9054c

    • SHA512

      05c0872774d550fb5450c91ddec5ee4dc9c61cad79fa9c2980b1b6e0996d315c147fcb4331a6a841bc730d05a047411f1eeda274c32edd491547e866f6cdac07

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks