General

  • Target

    0212a69aeefb6354edbb728fbd3cb4ec28d88efcf7a3f343e3e67884fb9978e9

  • Size

    174KB

  • Sample

    220523-t4m8safag7

  • MD5

    d7eb240f86f8883dfbc77ed13b4e9ba9

  • SHA1

    3d800e1b0e366d50dcfa7c9ae5cca0c1857db176

  • SHA256

    0212a69aeefb6354edbb728fbd3cb4ec28d88efcf7a3f343e3e67884fb9978e9

  • SHA512

    b5e51422d562c3e4162dbc415eba3d3522986710108b92535d2dcb98f6f1128704c45041d6ba373d868d9a8c90c166201a25f5601b45fb4c3bf273c3d78aacdf

Score
10/10

Malware Config

Extracted

Language: ps1
Deobfuscated
URLs
exe.dropper

http://sukuntextile.com/wp_old/v_N/

exe.dropper

http://www.astoriadrycleaning.com.sg/wp-content/S_4v/

exe.dropper

http://d1mension-capitaland.vn/wp-admin/Dm_C/

exe.dropper

http://xn--80ajoksa8ap9b.xn--p1ai/administrator/r4_iG/

exe.dropper

http://e3consulting.co.me/blogs/e9_6/

Targets

    • Target

      0212a69aeefb6354edbb728fbd3cb4ec28d88efcf7a3f343e3e67884fb9978e9

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
