27a7986a402e6037a9e2a4306d260c27f9d1cf071f59dd3031b06b74e7c4741a

General

Target

27a7986a402e6037a9e2a4306d260c27f9d1cf071f59dd3031b06b74e7c4741a
Size

122KB
Sample

220524-ea1jpaaack
MD5

f0a24b5b2777787a702aae58b99cacea
SHA1

4c2633e636ebed03d253ae9cb1288dd81cfd07c2
SHA256

27a7986a402e6037a9e2a4306d260c27f9d1cf071f59dd3031b06b74e7c4741a
SHA512

383f2365550496ad2dd75c24e057eeffcc49a73f7ab5838dbd503d12aaea9db40edac2a062ad8d3309ed68ff0833da24363296065bb6f45d26854a84daad6f8a

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://naft-dz.com/wp-content/cel3xz7ik6_u5a7be-354524163/

exe.dropper

http://fullinnova.com/video/AXINpXSB/

exe.dropper

http://novametal.cl/wp-includes/3r5l_nt34dqjxr7-3/

exe.dropper

http://ortodontagliwice.com.pl/wp-admin/TIPFceap/

exe.dropper

http://avrdevices.ru/Soft/ZIKmwKarDQ/

Targets

- Target
  
  27a7986a402e6037a9e2a4306d260c27f9d1cf071f59dd3031b06b74e7c4741a
- Size
  
  122KB
- MD5
  
  f0a24b5b2777787a702aae58b99cacea
- SHA1
  
  4c2633e636ebed03d253ae9cb1288dd81cfd07c2
- SHA256
  
  27a7986a402e6037a9e2a4306d260c27f9d1cf071f59dd3031b06b74e7c4741a
- SHA512
  
  383f2365550496ad2dd75c24e057eeffcc49a73f7ab5838dbd503d12aaea9db40edac2a062ad8d3309ed68ff0833da24363296065bb6f45d26854a84daad6f8a
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2