General

  • Target

    27bfe27a4f0fe8da3fabaca074cb4d3982f3b117c4d402afc6ca148eceff80be

  • Size

    95KB

  • Sample

    220616-dzsppshgfn

  • MD5

    2f38493885e8008f32c048958a2cdeda

  • SHA1

    3b623b3085213362add7008af21248c134090386

  • SHA256

    27bfe27a4f0fe8da3fabaca074cb4d3982f3b117c4d402afc6ca148eceff80be

  • SHA512

    694a02475c24786524388034b2501ea571d541a58c77ebc5b3066526ea3ea2e50829fd1f0270cfc452f30dacbd051834fb1053c8c92775bb1971725fc95071d0

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://13.114.230.250/QV2skGqtTw

exe.dropper

http://13.52.104.41/Igfq6xv5xo

exe.dropper

http://13.127.212.245/3LwnZ1t8

exe.dropper

http://206.189.181.0/Xht8nvYWZg

exe.dropper

http://115.66.127.67/JS9zvxk1i

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
