General

  • Target

    f66925570a0a62bd3a90719237058656eadf0c0f891e24799854a7d93e63da1d

  • Size

    265KB

  • Sample

    220625-l7kytsgafj

  • MD5

    f2a6dfb27d22a0572980c21aa3f0aa72

  • SHA1

    793068de3ede317810a04033897061cfb0cd9523

  • SHA256

    f66925570a0a62bd3a90719237058656eadf0c0f891e24799854a7d93e63da1d

  • SHA512

    671c7cea847396a3ebe8dec53aa1286971857dfa3735a6509015c0b4e606e7f1c6bbade9b0833276790da5244f2cf42be76c1601ced95d1e301e70b6603e0952

Score
10/10

Malware Config

Extracted

  • Language

    ps1

Deobfuscated

URLs

  • exe.dropper

    http://rift.mx/1q6yfowWdTLO_y6PDvDqM1

  • exe.dropper

    http://ylgcelik.site/images/assets/gqozUJEiIYeC_dnZTDQX

  • exe.dropper

    http://aviontravelgroup.com/MyxIIPxzR57RBIQ_BMNwuCa3q

  • exe.dropper

    http://ecohoney.com.ua/QIBhgUzx_M2znhUL

  • exe.dropper

    http://wa-producoes.com.br/4m5Lb0xKdUs9N49_eln5oEXK

Targets

    • Target

      f66925570a0a62bd3a90719237058656eadf0c0f891e24799854a7d93e63da1d

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
