General

  • Target

    0282a70dabec4f4b6cc1f477cab7a97e23558677a0b6d8bb55f329b9719deb5e

  • Size

    149KB

  • Sample

    220528-er3qdagde5

  • MD5

    01bd5086626c325d7ac0d78c0c771494

  • SHA1

    3ad022f607ad8b8d7ef087e36025e34bf4e51efc

  • SHA256

    0282a70dabec4f4b6cc1f477cab7a97e23558677a0b6d8bb55f329b9719deb5e

  • SHA512

    3db62eadf07905696d902b3af621e5a57e62a693dd31fe8b84b1f2ddf3f71ee4c6374aec5afe90288136583cbab73d7019f361cf08fcc6d2701ae12949288971

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://crafformican-iop-milo.com/lvyh/GtiXiCAT/
    http://abadancomplex.ir/_bk/WdZfezpxN/
    http://muaxanh.com/wp-admin/PjlpyJPzD/
    http://alvapropiedades.cl/wp-includes/XqngkzbS/
    http://parquememorialjapi.com.br/df8idr3/5i5oqn_7rjae-3/

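Added triage helper (example code, not part of the report or of the sandbox's output): it embeds the digests and the five dropper URLs listed above, checks that a file you have on disk actually matches the report's hashes before you spend time on it, and turns the URL list into host-level block entries plus defanged strings for tickets. The hxxp / [.] defanging convention, the record layout and the hypothetical `verify_hashes` / `extract_iocs` names are this example's choices; the sample file itself is not included.

```python
import hashlib
import sys
from urllib.parse import urlparse

# Indicators copied from the report above. The sample is not included here;
# pass a local path on the command line to check it against these digests.
REPORT_HASHES = {
    "md5": "01bd5086626c325d7ac0d78c0c771494",
    "sha1": "3ad022f607ad8b8d7ef087e36025e34bf4e51efc",
    "sha256": "0282a70dabec4f4b6cc1f477cab7a97e23558677a0b6d8bb55f329b9719deb5e",
    "sha512": "3db62eadf07905696d902b3af621e5a57e62a693dd31fe8b84b1f2ddf3f71ee4"
              "c6374aec5afe90288136583cbab73d7019f361cf08fcc6d2701ae12949288971",
}

DROPPER_URLS = [
    "http://crafformican-iop-milo.com/lvyh/GtiXiCAT/",
    "http://abadancomplex.ir/_bk/WdZfezpxN/",
    "http://muaxanh.com/wp-admin/PjlpyJPzD/",
    "http://alvapropiedades.cl/wp-includes/XqngkzbS/",
    "http://parquememorialjapi.com.br/df8idr3/5i5oqn_7rjae-3/",
]

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(data: bytes) -> dict:
    """Hex digests of the given bytes for every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Per-algorithm True/False for the digests in `expected` (keys are lowercase
    algorithm names). Any False means you are not looking at the reported sample."""
    actual = compute_hashes(data)
    return {alg: actual[alg] == digest.lower()
            for alg, digest in expected.items() if alg in actual}


def defang(url: str) -> str:
    """Make a URL non-clickable for sharing: http -> hxxp, '.' in the host -> '[.]'."""
    p = urlparse(url)
    scheme = p.scheme.replace("http", "hxxp")          # also turns https into hxxps
    host = p.netloc.replace(".", "[.]")
    tail = p.path + (f"?{p.query}" if p.query else "")
    return f"{scheme}://{host}{tail}"


def refang(url: str) -> str:
    """Inverse of defang(), for feeding shared indicators back into tooling."""
    return url.replace("hxxp", "http").replace("[.]", ".")


def extract_iocs(urls) -> list:
    """One record per dropper URL: host to block at DNS/proxy, the path to search
    proxy logs for, and a defanged copy for reports."""
    records = []
    for u in urls:
        p = urlparse(u)
        records.append({"url": u, "host": p.hostname, "path": p.path, "defanged": defang(u)})
    return records


def unique_hosts(urls) -> list:
    """Sorted, de-duplicated hostnames, ready for a block list."""
    return sorted({urlparse(u).hostname for u in urls})


if __name__ == "__main__":
    for ioc in extract_iocs(DROPPER_URLS):
        print(f"block host {ioc['host']:<28} {ioc['defanged']}")
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            sample = f.read()
        for alg, ok in verify_hashes(sample, REPORT_HASHES).items():
            print(f"{alg:<6} {'match' if ok else 'MISMATCH'}")
```

Run it with the path of the file you were handed; all four digests must match before the URL list above can be treated as belonging to that file. The hosts are the useful blocking unit: the paths are per-campaign and change, and several of these hosts are ordinary sites (note the wp-admin and wp-includes paths) that have been compromised rather than registered by the actor, so block at the proxy or DNS layer rather than filing takedown requests blindly.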
Targets

    • Target

      0282a70dabec4f4b6cc1f477cab7a97e23558677a0b6d8bb55f329b9719deb5e

    • Size

      149KB

    • MD5

      01bd5086626c325d7ac0d78c0c771494

    • SHA1

      3ad022f607ad8b8d7ef087e36025e34bf4e51efc

    • SHA256

      0282a70dabec4f4b6cc1f477cab7a97e23558677a0b6d8bb55f329b9719deb5e

    • SHA512

      3db62eadf07905696d902b3af621e5a57e62a693dd31fe8b84b1f2ddf3f71ee4c6374aec5afe90288136583cbab73d7019f361cf08fcc6d2701ae12949288971

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

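The three signatures above are behaviour rules the sandbox evaluates over the sample's process tree. As an added example (not the sandbox's own logic), the same three checks written over endpoint process, network and file events, with the malicious subtree derived from the "unexpected child" root rather than flagged one event at a time: the report does not name the parent process, so an Office application spawning a script host is used here as the illustration of "compromised via an exploit or macro"; the process names, pids, the dropped-file name and the benign control events are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Assumptions of this example, not data from the report: which parents are
# "unexpected" to spawn a script host, which images are blocklisted for network use.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
NETWORK_BLOCKLIST = SCRIPT_HOSTS | {"regsvr32.exe", "rundll32.exe", "certutil.exe", "bitsadmin.exe"}
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


@dataclass
class Event:
    kind: str                          # "process" (creation), "network" (outbound), "file" (write)
    pid: int
    image: str                         # full path of the acting process
    ppid: Optional[int] = None         # process events only
    parent_image: Optional[str] = None # process events only
    dest: Optional[str] = None         # network events: remote host
    path: Optional[str] = None         # file events: path written


def basename(image: str) -> str:
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_malicious_tree(events: List[Event]) -> Set[int]:
    """pids rooted at an Office app spawning a script host, plus every descendant."""
    parent_of: Dict[int, Optional[int]] = {}
    roots: Set[int] = set()
    for e in events:
        if e.kind != "process":
            continue
        parent_of[e.pid] = e.ppid
        if e.parent_image and basename(e.parent_image) in OFFICE_APPS and basename(e.image) in SCRIPT_HOSTS:
            roots.add(e.pid)
    tainted: Set[int] = set()
    for pid in parent_of:                       # walk each process's ancestry up to a root
        cur, seen = pid, set()
        while cur is not None and cur not in seen:
            if cur in roots:
                tainted.add(pid)
                break
            seen.add(cur)
            cur = parent_of.get(cur)
    return tainted


def detect(events: List[Event]) -> List[dict]:
    """Emit one alert per event that matches one of the three report signatures."""
    tainted = find_malicious_tree(events)
    alerts = []
    for e in events:
        name = basename(e.image)
        if e.kind == "process" and e.parent_image and basename(e.parent_image) in OFFICE_APPS and name in SCRIPT_HOSTS:
            alerts.append({"rule": "unexpected_child_process", "pid": e.pid,
                           "parent": basename(e.parent_image), "child": name})
        elif e.kind == "network" and name in NETWORK_BLOCKLIST:
            # fires on its own, but carries whether the process sits in the malicious subtree
            alerts.append({"rule": "blocklisted_process_network_request", "pid": e.pid,
                           "image": name, "dest": e.dest, "in_malicious_tree": e.pid in tainted})
        elif e.kind == "file" and e.pid in tainted and e.path and e.path.lower().startswith(SYSTEM32_PREFIX):
            alerts.append({"rule": "drops_file_in_system32", "pid": e.pid, "image": name, "path": e.path})
    return alerts


# Constructed telemetry (not from the report): an Office-to-PowerShell chain that
# fetches from one of the listed hosts and writes into System32, plus a benign
# explorer-launched PowerShell as a control.
EXPLORER = r"C:\Windows\explorer.exe"
WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
PAYLOAD = r"C:\Users\victim\AppData\Local\Temp\payload.exe"   # hypothetical dropped exe

SAMPLE_EVENTS = [
    Event("process", 1, EXPLORER),
    Event("process", 100, WINWORD, ppid=1, parent_image=EXPLORER),
    Event("process", 200, POWERSHELL, ppid=100, parent_image=WINWORD),
    Event("network", 200, POWERSHELL, dest="muaxanh.com"),
    Event("file", 200, POWERSHELL, path=r"C:\Windows\System32\example_dropped.dll"),  # hypothetical name
    Event("process", 300, PAYLOAD, ppid=200, parent_image=POWERSHELL),
    Event("network", 300, PAYLOAD, dest="abadancomplex.ir"),
    Event("process", 400, POWERSHELL, ppid=1, parent_image=EXPLORER),
    Event("network", 400, POWERSHELL, dest="www.example.org"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The point of deriving the subtree first is attribution: the file write into System32 and the payload.exe child are only interesting because they descend from the Office-spawned PowerShell, and an admin's own PowerShell session (pid 400) still trips the network blocklist but is reported as outside the malicious tree so it can be triaged lower. Note that payload.exe's outbound connection produces no alert here because the report's signatures key on blocklisted images, not on arbitrary children; on a real endpoint you would add a rule for any network activity from the tainted subtree.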
MITRE ATT&CK Enterprise v6

Tasks