Overview

overview

10

Static

static

adc07b7378...f0.doc

windows7-x64

10

adc07b7378...f0.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    adc07b7378fe4151f14b3b95e74c2672265af06b3defc0d178101a4f3b471ef0

  • Size

    146KB

  • Sample

    220724-zaw7gsfehl

  • MD5

    cb47ec5aefc0948b7d9b913faf956205

  • SHA1

    ae3a04ef0212f66894180aa705c1dab0d4f4f099

  • SHA256

    adc07b7378fe4151f14b3b95e74c2672265af06b3defc0d178101a4f3b471ef0

  • SHA512

    a098ade801394cc013aedae7b455aca52bfa04c1110adc31513afae263247b412903395f82dd52819a8cd23bdbe8e8c04470e8f0846e0efa5724b6faad73f60d

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://ksicardo.com/travel/ntKWzIyDl/
exe.dropper

http://iamzb.com/aspnet_client/system_web/GAAfRZMq/
exe.dropper

http://maloninc.com/apps/GbBZomQjS/
exe.dropper

http://kumakun.com/7jet/3b244672ze_btumnc0h-2178896/
exe.dropper

https://ingegneriadelweb.com/fantacalcio/8611ljoo_o4y023w-3754704371/

Targets

    • Target

      adc07b7378fe4151f14b3b95e74c2672265af06b3defc0d178101a4f3b471ef0

    • Size

      146KB

    • MD5

      cb47ec5aefc0948b7d9b913faf956205

    • SHA1

      ae3a04ef0212f66894180aa705c1dab0d4f4f099

    • SHA256

      adc07b7378fe4151f14b3b95e74c2672265af06b3defc0d178101a4f3b471ef0

    • SHA512

      a098ade801394cc013aedae7b455aca52bfa04c1110adc31513afae263247b412903395f82dd52819a8cd23bdbe8e8c04470e8f0846e0efa5724b6faad73f60d

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks