General

  • Target

    9cd061986718346b19c1a06298768c018c8a52599582c848583d354567a28f83

  • Size

    205KB

  • Sample

    220724-shzt1sgdfn

  • MD5

    7370d873691ecf8da1967f2baadcd0d3

  • SHA1

    38e0139a300e0d3a01fb2a5532924a5bae1e2bb8

  • SHA256

    9cd061986718346b19c1a06298768c018c8a52599582c848583d354567a28f83

  • SHA512

    6b181320396a24169efdcbbf0fa1bbc7b7e5e5cfdafff8b98c54dc94bf1eb4dc26221794023340d8eb09d467edc6c1b6b25424f8914ca6a5dfbaa3ae481ddd6d

Score
10/10

Malware Config

Extracted

Language
ps1

Deobfuscated URLs (exe.dropper)

  • http://ryedalemotorhomes.co.uk/wp-admin/RQ_g/

  • https://villasantina.nl/y2nch7d/Rg_XV/

  • http://maxmacpc.co.il/js/Yz_7/

  • http://manioca.es/wp-content/W8_m/

  • http://sarayaha.com/ad/hf_0/
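The extracted config gives five exe.dropper URLs whose paths (wp-admin/, wp-content/, js/) look like directories on compromised legitimate sites rather than attacker-registered domains, so a detection should match host plus drop directory, not host alone. The block below is an added example, not the sample's own PowerShell and not code from the sandbox: it normalises the report's URLs and file hashes into indicators and runs constructed proxy-log lines and a constructed hash lookup against them. The proxy-log layout, client IPs and timestamps are assumptions made for illustration.

```python
"""IOC matching for the extracted exe.dropper config.

Added example, not part of the sandbox report. URLs and hashes are the
ones shown on the page; the proxy-log format and the sample log lines
are constructed for illustration.
"""
import re
from urllib.parse import urlsplit

# Deobfuscated payload URLs from the report's Malware Config.
DROPPER_URLS = [
    "http://ryedalemotorhomes.co.uk/wp-admin/RQ_g/",
    "https://villasantina.nl/y2nch7d/Rg_XV/",
    "http://maxmacpc.co.il/js/Yz_7/",
    "http://manioca.es/wp-content/W8_m/",
    "http://sarayaha.com/ad/hf_0/",
]

# File hashes of the sample from the report.
SAMPLE_HASHES = {
    "md5": "7370d873691ecf8da1967f2baadcd0d3",
    "sha1": "38e0139a300e0d3a01fb2a5532924a5bae1e2bb8",
    "sha256": "9cd061986718346b19c1a06298768c018c8a52599582c848583d354567a28f83",
}


def url_indicator(url):
    """Reduce a URL to (host, path) with scheme and trailing slash dropped.

    The scheme is ignored on purpose: the same drop directory may be served
    over http or https. The host is lower-cased; the path is what singles
    out the drop directory on an otherwise legitimate site.
    """
    parts = urlsplit(url.strip())
    return (parts.hostname or "").lower(), (parts.path or "/").rstrip("/")


INDICATORS = [url_indicator(u) for u in DROPPER_URLS]


def is_dropper_url(url):
    """True if url is the drop directory itself or anything beneath it.

    Host must match exactly; the path matches the directory or a file or
    sub-path under it, so other pages on the same compromised site do not
    trigger, while a file name or query string appended to the directory does.
    """
    host, path = url_indicator(url)
    return any(host == h and (path == p or path.startswith(p + "/"))
               for h, p in INDICATORS)


# Assumed proxy-log layout for the constructed sample:
#   <timestamp> <client_ip> <method> <url> <status>
PROXY_LINE = re.compile(r"^(\S+) (\S+) (GET|POST|CONNECT) (\S+) (\d{3})$")


def match_proxy_log(lines):
    """Return (line_no, client_ip, url) for every line that hits an indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = PROXY_LINE.match(line.strip())
        if not m:
            continue  # unparsable line: skip rather than fail the whole scan
        url = m.group(4)
        if is_dropper_url(url):
            hits.append((n, m.group(2), url))
    return hits


def match_hashes(observed):
    """Return the hash types in `observed` that equal the sample's hashes."""
    return sorted(kind for kind, value in SAMPLE_HASHES.items()
                  if observed.get(kind, "").lower() == value)


# Constructed sample log (not real traffic). Line 3 has an upper-cased host
# and a file name plus query string under the drop directory; line 4 is a
# benign request to a different path on one of the same hosts.
SAMPLE_LOG = [
    "2022-07-24T10:01:02Z 10.0.0.5 GET http://ryedalemotorhomes.co.uk/wp-admin/RQ_g/ 200",
    "2022-07-24T10:01:03Z 10.0.0.5 GET http://ryedalemotorhomes.co.uk/about/ 200",
    "2022-07-24T10:02:10Z 10.0.0.7 GET https://VILLASANTINA.nl/y2nch7d/Rg_XV/setup.exe?id=1 200",
    "2022-07-24T10:02:11Z 10.0.0.7 GET http://maxmacpc.co.il/js/jquery.min.js 200",
    "2022-07-24T10:03:00Z 10.0.0.9 POST http://sarayaha.com/ad/hf_0/ 404",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for hit in match_proxy_log(SAMPLE_LOG):
        print("dropper URL requested:", hit)
    print("hash match:", match_hashes({"sha256": SAMPLE_HASHES["sha256"].upper()}))
```

A 404 on one of the URLs (line 5 in the sample) is still worth an alert: the dropper stage has already run on that client even if the payload host was down or cleaned by the time of the request.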

Targets

    • Target

      9cd061986718346b19c1a06298768c018c8a52599582c848583d354567a28f83


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
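The three signatures above as detection logic, an added example that is not the sandbox's own rule set: constructed Sysmon-style process, network and file events are run through one rule per signature, and a process that trips more than one rule is promoted to high confidence, since any single rule alone is noisy. The event field names, the Office-parent and script-host lists and the System32 writer allow-list are assumptions chosen for illustration.

```python
"""Rules for the report's three behaviours over a constructed event stream.

Added example, not code from the sandbox or from the sample. Field names
and the allow/watch lists below are assumptions for illustration.
"""
import ntpath

# Assumed lists. Office parents and script hosts cover the
# "process spawned unexpected child process" signature.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Processes that should not be talking to the network on a workstation.
NET_BLOCKLIST = {"powershell.exe", "wscript.exe", "cscript.exe",
                 "mshta.exe", "regsvr32.exe"}
# Legitimate writers of System32; everything else writing there is flagged.
SYSTEM32_WRITERS = {"trustedinstaller.exe", "tiworker.exe",
                    "msiexec.exe", "svchost.exe"}
SYSTEM32 = "c:\\windows\\system32\\"


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return ntpath.basename(path).lower()


def detect(events):
    """Return (rule, pid, detail) alerts, one per event that trips a rule."""
    alerts = []
    for e in events:
        image = image_name(e["image"])
        if e["type"] == "process_create":
            parent = image_name(e["parent_image"])
            if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
                alerts.append(("unexpected_child", e["pid"],
                               f"{parent} -> {image}"))
        elif e["type"] == "network_connect":
            if image in NET_BLOCKLIST:
                alerts.append(("blocklisted_network", e["pid"],
                               f"{image} -> {e['dest_host']}:{e['dest_port']}"))
        elif e["type"] == "file_create":
            if (e["target"].lower().startswith(SYSTEM32)
                    and image not in SYSTEM32_WRITERS):
                alerts.append(("system32_drop", e["pid"],
                               f"{image} wrote {e['target']}"))
    return alerts


def high_confidence_pids(alerts, threshold=2):
    """Pids that tripped at least `threshold` distinct rules.

    Admins launch PowerShell from cmd and installers write to System32, so
    one rule alone is weak; one process tripping several is the
    macro -> script host -> download -> drop chain the signatures describe.
    """
    rules_per_pid = {}
    for rule, pid, _ in alerts:
        rules_per_pid.setdefault(pid, set()).add(rule)
    return sorted(pid for pid, rules in rules_per_pid.items()
                  if len(rules) >= threshold)


# Constructed events (not from the report). Pid 4321 is the suspicious
# chain; the others are benign look-alikes that should stay quiet.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 1200, "image": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE",
     "parent_image": "C:\\Windows\\explorer.exe"},
    {"type": "process_create", "pid": 4321,
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "parent_image": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE"},
    {"type": "network_connect", "pid": 4321,
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "dest_host": "ryedalemotorhomes.co.uk", "dest_port": 80},
    {"type": "file_create", "pid": 4321,
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "target": "C:\\Windows\\System32\\example.exe"},
    {"type": "network_connect", "pid": 900, "image": "C:\\Program Files\\Google\\Chrome\\chrome.exe",
     "dest_host": "example.com", "dest_port": 443},
    {"type": "file_create", "pid": 55, "image": "C:\\Windows\\servicing\\TrustedInstaller.exe",
     "target": "C:\\Windows\\System32\\example.dll"},
    {"type": "process_create", "pid": 777, "image": "C:\\Windows\\System32\\cmd.exe",
     "parent_image": "C:\\Windows\\explorer.exe"},
]

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for a in found:
        print(a)
    print("high confidence:", high_confidence_pids(found))
```

The rules key on image names only; in a real pipeline you would also check the writer's signing status and resolve the destination host against the extracted URL list, which would turn the network rule from "blocklisted process" into "blocklisted process reaching a known drop site".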

MITRE ATT&CK Enterprise v6

Tasks