General

  • Target: 3e2b4e68ac973039ab0a3da9e7dae82521db17cb1ace27c230a1d3cb0ae430db
  • Size: 208KB
  • Sample: 220625-k677asecgq
  • MD5: 172c1e8607e66013f3cb6ec389f59699
  • SHA1: 43449ff24110838611d3dd450ff6a1d72bc370b4
  • SHA256: 3e2b4e68ac973039ab0a3da9e7dae82521db17cb1ace27c230a1d3cb0ae430db
  • SHA512: a355f90fee2452f72e67cec1eb1713d026fd97c6b94ff4dd047677fd3afa014d5c8b25aeb54ebbe153a4cce58265d47f9b3fd3c4a9411bcf9bb7a7affc6f6399

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated URLs:
    • exe.dropper: https://ahuratech.com/ei9u4vn/T_8z/
    • exe.dropper: http://mindigroup.com/wp-admin/T_tB/
    • exe.dropper: http://extraspace.uk.com/wp-admin/i_Gl/
    • exe.dropper: http://nuoviclienti.net/hanemdg/Es_wv/
    • exe.dropper: http://eniyionfirma.com/wp-admin/CI_xj/

Targets

    • Target: 3e2b4e68ac973039ab0a3da9e7dae82521db17cb1ace27c230a1d3cb0ae430db
    Score: 10/10

    Signatures
    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Process spawned suspicious child process
      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
    • Drops file in System32 directory
