General

  • Target: 0d10fe705e970034049229c93062cce13a3c212827b5a94aa9bd51764fac480f
  • Size: 164KB
  • Sample: 220630-3rh8qscgdk
  • MD5: 08414b384969c9d4ec135bc4a004c6af
  • SHA1: 78f72141913a72d3fee22fc5f55ab755e178e1c0
  • SHA256: 0d10fe705e970034049229c93062cce13a3c212827b5a94aa9bd51764fac480f
  • SHA512: d03fc15642df0227ae69fcc1ee77677c27177f50e61c3401c072d01a8a333ecf60b44e80cc1ab1ea89b678ac81b391f88e7c645339cdfb7834c0bd08daf4232c

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (type: exe.dropper)
    • exe.dropper: http://grcklasik.com/ytpawk3j4/qN3P/
    • exe.dropper: http://eurocasinolive.com/test/paAQL7/
    • exe.dropper: http://heuveling.net/9op/
    • exe.dropper: http://haru1ban.net/files/Ep/
    • exe.dropper: http://netwebshosting.com/whmcs/DjM/

Targets

    • Target: 0d10fe705e970034049229c93062cce13a3c212827b5a94aa9bd51764fac480f


    Score: 10/10

    Signatures

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks