a66b5982e41c8e78c0a807d5c1e7ecf9d554b941fad99bb856564e4ddbb5d295 | Triage

Submit
Reports

Overview

overview

Static

static

a66b5982e4...95.doc

windows7-x64

a66b5982e4...95.doc

windows10-2004-x64

Sharing

General

Target

a66b5982e41c8e78c0a807d5c1e7ecf9d554b941fad99bb856564e4ddbb5d295
Size

149KB
Sample

220724-za9sksfdb8
MD5

35b1085d0874798babcc94a2b350ad7d
SHA1

0d7ff87a0e1067a0dea89ee3b4969469c87d03de
SHA256

a66b5982e41c8e78c0a807d5c1e7ecf9d554b941fad99bb856564e4ddbb5d295
SHA512

7983baa8d37189bd82eab5947229bf82d1460b8fe9d4e77e4cbeb894e8b584e94bfa9c17102f755cecdd06c5013ebd1eb4531ed5c4e218fd1e20ceccea09641b

Score

10^/10

Static task

static1

Behavioral task

behavioral1

Sample

a66b5982e41c8e78c0a807d5c1e7ecf9d554b941fad99bb856564e4ddbb5d295.doc

Resource

win7-20220718-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

a66b5982e41c8e78c0a807d5c1e7ecf9d554b941fad99bb856564e4ddbb5d295.doc

Resource

win10v2004-20220722-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://www.wholesale-towels.com/caapa/2skq2c8brl_ujstqor-9423/

exe.dropper

https://sehatmadu.com/wp-admin/sMsnqVEHO/

exe.dropper

http://wayuansudamai.com/wp-includes/tUhChhCpcN/

exe.dropper

http://vnilla.com/cgi-bin/xdmlv_90ij5qu1-86492/

exe.dropper

http://vcontenidos.com/wp-admin/nzxnfyy9_x7u5tyux4w-71288/

Targets

- Target
  
  a66b5982e41c8e78c0a807d5c1e7ecf9d554b941fad99bb856564e4ddbb5d295
- Size
  
  149KB
- MD5
  
  35b1085d0874798babcc94a2b350ad7d
- SHA1
  
  0d7ff87a0e1067a0dea89ee3b4969469c87d03de
- SHA256
  
  a66b5982e41c8e78c0a807d5c1e7ecf9d554b941fad99bb856564e4ddbb5d295
- SHA512
  
  7983baa8d37189bd82eab5947229bf82d1460b8fe9d4e77e4cbeb894e8b584e94bfa9c17102f755cecdd06c5013ebd1eb4531ed5c4e218fd1e20ceccea09641b
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy