General

  • Target

    8a35c1865bac08d865b42f376b27091b3abce6a9c261daacce084dcf6f7b73e3

  • Size

    233KB

  • Sample

    220701-hrzkhaghbm

  • MD5

    20dc70286bf91c3b45dd754e94508676

  • SHA1

    3aeca0f5f335718adf5d62b61098cf57974f2dd1

  • SHA256

    8a35c1865bac08d865b42f376b27091b3abce6a9c261daacce084dcf6f7b73e3

  • SHA512

    868ed81d5153024d990c19a7918785e6dba151b12fee104f4d00d3c27a345cb08f50c8c7602ef01e076918d4f9ae9fa57cb221353c013d31babf4928c0074e35

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://bayboratek.com/28032019yedek/fd_2/
    http://client.ideatech.pk/wp-content/3_d/
    http://fabric-ville.net/2017/y_J/
    http://hadiyaacoub.com/wp-content/uploads/2019/Mj_W/
    http://himatika.mipa.uns.ac.id/wp-content/By_2/

Targets


    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks