General

  • Target

    56d6488a1b865cef4425d95aced79a4ad03364810e505fb1964d20be3a40de53

  • Size

    168KB

  • Sample

    220701-fmdfcsdadl

  • MD5

    f25839380349099bcc91c17e337410c9

  • SHA1

    e0d97e0496f43485f8ab9538e79d90d3845fa309

  • SHA256

    56d6488a1b865cef4425d95aced79a4ad03364810e505fb1964d20be3a40de53

  • SHA512

    0eaea2f974781b1501b20dec6f37c5c445acb4b3035b26cf0795aa45bbbd9ab0175a6dc051b74564d4db46fdb746f05e64ad7a575fdaa87bda59567e3933edec

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://artmikhalchyk.com/wp-includes/mYW3/

    http://franosbarbershop.com/wp-content/plugins/IUh1/

    http://arexcargo.com/wp-includes/QBci/

    http://altarfx.com/wordpress/wQYt/

    http://uitcs.acm.org/wp-content/fqSlt/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks