General

  • Target

    67f27ff168d34fea798552774ec1859f7ced8ccc9382fe2becd8f806403ee4be

  • Size

    126KB

  • Sample

    220625-lbef6seefn

  • MD5

    9a52b337ec45bdbff8f31ca82e29c5ae

  • SHA1

    c67a5af9460939c0b3fd04560b90fcaaa57b4b43

  • SHA256

    67f27ff168d34fea798552774ec1859f7ced8ccc9382fe2becd8f806403ee4be

  • SHA512

    a3286bba6a324bcf1a0fd1bd3df5159a416aa47d00fc8ed47be1f81d1dee1398786c3f51343b33eb2b00bf80e3dc8133034bab88f698ce7626cc52715144fa8c

Score
10/10

Malware Config

  • Extracted

    Language
      ps1

    Deobfuscated

    URLs (exe.dropper)
      http://www.maisonmanor.com/wp-content/unRpFYCwFf/
      http://4gstartup.com/wp-content/wotdrnPG/
      http://bonespecialistsinmangalore.com/images/ehbim9q_qgre5mcjf9-69608/
      http://hondathudo.com/wp-snapshots/cnwnwsqh_55c9q-928746/
      http://betabangladesh.com/wp-includes/24thfsvoy_ty0ixhm-59/

Targets

    • Target

      67f27ff168d34fea798552774ec1859f7ced8ccc9382fe2becd8f806403ee4be

    • Size

      126KB

    • MD5

      9a52b337ec45bdbff8f31ca82e29c5ae

    • SHA1

      c67a5af9460939c0b3fd04560b90fcaaa57b4b43

    • SHA256

      67f27ff168d34fea798552774ec1859f7ced8ccc9382fe2becd8f806403ee4be

    • SHA512

      a3286bba6a324bcf1a0fd1bd3df5159a416aa47d00fc8ed47be1f81d1dee1398786c3f51343b33eb2b00bf80e3dc8133034bab88f698ce7626cc52715144fa8c

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks