General

  • Target: 1bb948ea6a642404c81eff109bd3bf4de8d17371bd084d3636e5638345cc5020
  • Size: 94KB
  • Sample: 220607-wddmrsbafp
  • MD5: 17160cfc8b8c0401f0d2063a615fb133
  • SHA1: baba76bfcc698be2fd98574ba2bdcf894a9c3c16
  • SHA256: 1bb948ea6a642404c81eff109bd3bf4de8d17371bd084d3636e5638345cc5020
  • SHA512: e88185760d15ff0c0eb7f83a111393f4bb309387f6533875958f9f5fb5208ad0b2566157b5986db4462711bb2982fa5ac10a4e84803e11c2e5a1073fe54fdf3c

Score
10/10

Malware Config

Extracted

  Language: ps1 (deobfuscated)

  URLs (exe.dropper):

    http://japanijob.com/UUC8iEfIfb
    http://103.11.22.51/wp-content/uploads/yoarKX9
    http://13.126.28.98/hPwXcgCZBx
    http://159.65.146.232/ugitr4t4L
    http://159.65.65.213/iz1Cc1GhZ
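The extracted dropper URLs and the file hashes above are the indicators an analyst would hand to blocking and hunting tooling. The script below, an added example that is not part of the sandbox report, turns them into a normalised IOC bundle: it validates each hash by length and character set, parses every URL, defangs it so it cannot be clicked or auto-linked, and separates IP-literal hosts from the one domain. The URLs and hashes are the ones listed on this page; the defanging convention (hxxp://, [.]) and the record layout are assumptions of this example.

```python
"""Turn the report's indicators into a normalised, defanged IOC bundle.

Added example, not part of the sandbox report. URLs and file hashes are the
ones the report lists; the defanging style and record layout are assumptions.
"""
import ipaddress
from urllib.parse import urlsplit

# exe.dropper URLs from the Malware Config section.
DROPPER_URLS = [
    "http://japanijob.com/UUC8iEfIfb",
    "http://103.11.22.51/wp-content/uploads/yoarKX9",
    "http://13.126.28.98/hPwXcgCZBx",
    "http://159.65.146.232/ugitr4t4L",
    "http://159.65.65.213/iz1Cc1GhZ",
]

# File hashes from the General section (MD5, SHA1, SHA256, SHA512).
FILE_HASHES = [
    "17160cfc8b8c0401f0d2063a615fb133",
    "baba76bfcc698be2fd98574ba2bdcf894a9c3c16",
    "1bb948ea6a642404c81eff109bd3bf4de8d17371bd084d3636e5638345cc5020",
    "e88185760d15ff0c0eb7f83a111393f4bb309387f6533875958f9f5fb5208ad0"
    "b2566157b5986db4462711bb2982fa5ac10a4e84803e11c2e5a1073fe54fdf3c",
]

HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
HEX_DIGITS = set("0123456789abcdef")


def classify_hash(h):
    """Return the digest algorithm implied by a hex string's length, or None."""
    h = h.strip().lower()
    if len(h) not in HASH_LENGTHS or not set(h) <= HEX_DIGITS:
        return None
    return HASH_LENGTHS[len(h)]


def is_ip_literal(host):
    """True when the URL host is a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def defang(url):
    """hxxp://host[.]tld/path so the IOC is safe to paste into tickets and chat."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def to_ioc(url):
    parts = urlsplit(url)
    host = parts.hostname or ""
    return {
        "url": url,
        "defanged": defang(url),
        "scheme": parts.scheme,
        "host": host,
        "host_type": "ip" if is_ip_literal(host) else "domain",
        "port": parts.port or (443 if parts.scheme == "https" else 80),
        "path": parts.path,
    }


def build_bundle(urls=DROPPER_URLS, hashes=FILE_HASHES):
    """Bundle file and network indicators; a hash that fails validation is kept
    but marked with algorithm None so it can be reviewed rather than dropped."""
    return {
        "files": [{"algorithm": classify_hash(h), "value": h.lower()} for h in hashes],
        "network": [to_ioc(u) for u in urls],
    }


def hosts_by_type(bundle):
    """Split hosts into IP literals (firewall/egress blocks) and domains (DNS sinkhole)."""
    out = {"ip": set(), "domain": set()}
    for ioc in bundle["network"]:
        out[ioc["host_type"]].add(ioc["host"])
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    bundle = build_bundle()
    for f in bundle["files"]:
        print(f["algorithm"], f["value"])
    for n in bundle["network"]:
        print(n["host_type"], n["defanged"])
    print(hosts_by_type(bundle))
```

Four of the five dropper hosts are raw IP addresses, so DNS-based blocking alone would miss most of them; the split returned by `hosts_by_type` is there to route IPs to egress filtering and the domain to a sinkhole.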

Targets

    • Target: 1bb948ea6a642404c81eff109bd3bf4de8d17371bd084d3636e5638345cc5020
    • Size: 94KB
    • MD5: 17160cfc8b8c0401f0d2063a615fb133
    • SHA1: baba76bfcc698be2fd98574ba2bdcf894a9c3c16
    • SHA256: 1bb948ea6a642404c81eff109bd3bf4de8d17371bd084d3636e5638345cc5020
    • SHA512: e88185760d15ff0c0eb7f83a111393f4bb309387f6533875958f9f5fb5208ad0b2566157b5986db4462711bb2982fa5ac10a4e84803e11c2e5a1073fe54fdf3c

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
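The two behavioural signatures above are the kind of rule a sandbox or EDR evaluates over process-creation and network telemetry. The script below is an added example of that detection logic, not the sandbox's own rule code. Event records are constructed in the shape of Sysmon Event ID 1 (process create) and Event ID 3 (network connect), reduced to the fields the checks need; the parent and child process names, PIDs, and the encoded command line are illustrative assumptions and are not taken from this report. The only detail carried over from the report is one dropper host, 103.11.22.51, used as the destination of the flagged connection.

```python
"""Detection logic for "Process spawned unexpected child process" and
"Blocklisted process makes network request", the two signatures in the report.

Added example, not the sandbox's own rule code. Events are constructed in a
Sysmon-like shape (ID 1 = process create, ID 3 = network connect); process
names, PIDs and the encoded command are assumptions, not report data.
"""
import base64
import re
from collections import defaultdict

# Document handlers that should not be launching script hosts or LOLBins.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
# Children whose appearance under such a parent indicates macro/exploit-driven execution.
SUSPICIOUS_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# Processes not expected to make outbound requests in this environment (assumption).
NETWORK_BLOCKLIST = {"powershell.exe", "pwsh.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe",
                     "certutil.exe", "wscript.exe", "cscript.exe"}

# Common spellings of -EncodedCommand, capturing the base64 payload.
ENC_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)
# Launch flags typical of droppers: hidden window, no profile, bypassed policy, non-interactive.
FLAG_RES = [re.compile(p, re.I) for p in (
    r"-w(?:indowstyle)?\s+hidden", r"-nop(?:rofile)?\b",
    r"-ep\s+bypass|-executionpolicy\s+bypass", r"-noni(?:nteractive)?\b")]

WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EXPLORER = r"C:\Windows\explorer.exe"

# Constructed telemetry: a macro-driven launch followed by a download attempt,
# plus two benign events so the checks have something to ignore.
EVENTS = [
    {"id": 1, "pid": 4120, "image": WINWORD, "parent_image": EXPLORER, "cmdline": '"WINWORD.EXE" /n invoice.doc'},
    {"id": 1, "pid": 5208, "image": POWERSHELL, "parent_image": WINWORD,
     "cmdline": "powershell -w hidden -nop -ep bypass -enc SQBFAFgA"},   # SQBFAFgA = "IEX" in UTF-16LE
    {"id": 3, "pid": 5208, "image": POWERSHELL, "dest_ip": "103.11.22.51", "dest_port": 80},
    {"id": 1, "pid": 6000, "image": r"C:\Windows\System32\notepad.exe", "parent_image": EXPLORER, "cmdline": "notepad.exe"},
    {"id": 3, "pid": 1234, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "dest_ip": "13.126.28.98", "dest_port": 443},
]


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline):
    """Return the UTF-16LE text behind -EncodedCommand, or None if absent/invalid."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def launch_flags(cmdline):
    """Patterns of the dropper-style flags present on the command line."""
    return [r.pattern for r in FLAG_RES if r.search(cmdline)]


def detect(events):
    """Return (signature, pid, detail) for each event matching one of the two rules."""
    alerts = []
    for ev in events:
        if ev["id"] == 1:
            parent, child = basename(ev["parent_image"]), basename(ev["image"])
            if parent in DOCUMENT_PARENTS and child in SUSPICIOUS_CHILDREN:
                cmd = ev.get("cmdline", "")
                detail = {"chain": f"{parent} -> {child}", "flags": launch_flags(cmd),
                          "decoded": decode_encoded_command(cmd)}
                alerts.append(("unexpected_child_process", ev["pid"], detail))
        elif ev["id"] == 3:
            image = basename(ev["image"])
            if image in NETWORK_BLOCKLIST:
                alerts.append(("blocklisted_process_network", ev["pid"],
                               {"image": image, "dest": f"{ev['dest_ip']}:{ev['dest_port']}"}))
    return alerts


def correlate(alerts):
    """Severity per PID: a process that trips both signatures is the strongest case."""
    by_pid = defaultdict(set)
    for sig, pid, _ in alerts:
        by_pid[pid].add(sig)
    return {pid: ("high" if len(sigs) > 1 else "medium") for pid, sigs in by_pid.items()}


if __name__ == "__main__":
    found = detect(EVENTS)
    for sig, pid, detail in found:
        print(sig, pid, detail)
    print(correlate(found))
```

Each rule on its own is noisy in a real estate (administrators do run PowerShell from Outlook-launched sessions), which is why `correlate` ties the two signatures to the same PID: an Office-spawned script host that then reaches out to the network is a much tighter indicator than either event alone.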

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                      Count  ID
  Defense Evasion   Modify Registry                1      T1112
  Discovery         Query Registry                 2      T1012
  Discovery         System Information Discovery   2      T1082
