General

  • Target

    1ee4089919dd39a7c69044dd61d5ff6f47d9773439e3f90403b66dc4a15e6159

  • Size

    137KB

  • Sample

    220625-k7zljsgfa6

  • MD5

    d6d0b75e9ca4c307199e776f5488bf5c

  • SHA1

    348d36fd32ee1b9acebc5bed9a60eba1d456006f

  • SHA256

    1ee4089919dd39a7c69044dd61d5ff6f47d9773439e3f90403b66dc4a15e6159

  • SHA512

    de79d371047577f8e330719ce452a9316b5eecd36e8f5c3e2a327d4e0546169bd7c0a6a958d284a5f77d18692d00597f793313f08ce063aa0ecb055d791a02da

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://stalf-photography.com/Academie_files/le1t_lzva0bs-93549621/
    http://steuerungen.com/SpryAssets/lnzkDXKkYI/
    http://stempfhuber.com/cgi-bin/hspgafe_zigwi25ew-816/
    https://stoklossa.net/STRATO/EhExYBeyhg/
    http://store503.com/admin/40uu9gih9_h5wjpc0-29/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks