General

  • Target

    d00ea82048586132558cad674d9094f495527202fccddcc84d30b365699839b3

  • Size

    102KB

  • Sample

    220701-djqv6shdbp

  • MD5

    a8663064c108b10da2ff0398fb6f2118

  • SHA1

    a15725c07c06c3b04aa4436db05391b6c15b3cc6

  • SHA256

    d00ea82048586132558cad674d9094f495527202fccddcc84d30b365699839b3

  • SHA512

    63b61b157bc491a8e23eda63f2c5120575e1c2263cfbad38b06806b3bdcbc2916b62e7a861d3917a0a3feceee7fba422c16c4136c5b268587fda2f8c9aa7e467

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://intraelectronics.com/9CBQqGip_YBdeLeOmn

exe.dropper

http://linkingphase.com/Ye09uJm_1TJzK_0

exe.dropper

http://radwomenbusinessowners.com/pnKAX_FAi9jc

exe.dropper

http://www.motoruitjes.nl/BrG_4Tb3uEk0N

exe.dropper

http://kantova.com/xRVVM3r_gsFZOEnE

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
