General

  • Target

    990801c1de058647b506c19565ee7abf0c886af33defe87c185c91aa65f9b579

  • Size

    160KB

  • Sample

    220724-zb1w3afde3

  • MD5

    f2c5e55cf077e24a0c347506ea8d7b8e

  • SHA1

    fc39267af130c5327009476f2a71d97ef48a94b8

  • SHA256

    990801c1de058647b506c19565ee7abf0c886af33defe87c185c91aa65f9b579

  • SHA512

    3652fee413c7f2ee7cd0345eae726b2c1319e1b8a3f4af41b7639917ebf4f061daccaa0ae357050ca2c07c932b9f600b15160c5f4db9a24d0e8ef6837b992609

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (type: exe.dropper)

    http://pressuredspeech.com/dngn/cEmgNTByQ/
    https://phoneringtones.info/wp-content/uploads/qx93_k68trw3j-15334/
    http://safeservicesfze.com/wp-admin/ZmVYmAXv/
    https://freewallpaperdesktop.com/wp-includes/50lz_zkln03lbc-8209361/
    http://noingoaithatthanhnam.com/wp-admin/voytvHre/

Targets

    • Target

      990801c1de058647b506c19565ee7abf0c886af33defe87c185c91aa65f9b579

    • Size

      160KB

    • MD5

      f2c5e55cf077e24a0c347506ea8d7b8e

    • SHA1

      fc39267af130c5327009476f2a71d97ef48a94b8

    • SHA256

      990801c1de058647b506c19565ee7abf0c886af33defe87c185c91aa65f9b579

    • SHA512

      3652fee413c7f2ee7cd0345eae726b2c1319e1b8a3f4af41b7639917ebf4f061daccaa0ae357050ca2c07c932b9f600b15160c5f4db9a24d0e8ef6837b992609

    Score
    10/10
    • Process spawned unexpected child process

      A process launched a child that is not part of its normal behaviour. This typically indicates that the parent process was compromised via an exploit or a malicious macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
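
The three signatures above are behavioural, so the same checks can be approximated over endpoint telemetry. As an added example (not from the sandbox or this report), the following Python applies them to constructed Sysmon-style process-creation (Event ID 1), network-connection (Event ID 3) and file-create (Event ID 11) records. The report does not name the compromised parent process or the "blocklisted" process set; the Office parent list, the script-host list and the System32 write heuristic are this example's assumptions, and the sample events are constructed (only the first destination host is taken from the URL list above).

```python
"""Re-implement the report's three behavioural signatures as checks over
Sysmon-style events. Added example; not the sandbox's own detection logic."""
from collections import defaultdict
from typing import Callable, Dict, List

# Assumption: the report does not name the parent; Office applications are the
# usual hosts for macro-launched droppers.
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                     "acrord32.exe"}
# Assumption: script/LOLBin hosts a document handler has no business spawning,
# also used here as the "blocklisted" set for network requests.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
WINDOWS_DIR = "c:\\windows\\"
SYSTEM32_DIR = "c:\\windows\\system32\\"


def image_name(path: str) -> str:
    """Lower-cased file name of a full image path."""
    return path.rsplit("\\", 1)[-1].lower()


def unexpected_child(ev: dict) -> bool:
    """Event ID 1: document handler spawning a script host."""
    return (ev["id"] == 1
            and image_name(ev["parent"]) in DOCUMENT_HANDLERS
            and image_name(ev["image"]) in SCRIPT_HOSTS)


def blocklisted_network(ev: dict) -> bool:
    """Event ID 3: outbound connection from a blocklisted process."""
    return ev["id"] == 3 and image_name(ev["image"]) in SCRIPT_HOSTS


def drops_in_system32(ev: dict) -> bool:
    """Event ID 11: file created under System32 by a script host or by an
    image that does not itself live under C:\\Windows (heuristic)."""
    if ev["id"] != 11 or not ev["target"].lower().startswith(SYSTEM32_DIR):
        return False
    img = ev["image"].lower()
    return image_name(img) in SCRIPT_HOSTS or not img.startswith(WINDOWS_DIR)


SIGNATURES: Dict[str, Callable[[dict], bool]] = {
    "Process spawned unexpected child process": unexpected_child,
    "Blocklisted process makes network request": blocklisted_network,
    "Drops file in System32 directory": drops_in_system32,
}


def evaluate(events: List[dict]) -> Dict[str, List[dict]]:
    """Map each signature name to the events that triggered it."""
    hits: Dict[str, List[dict]] = defaultdict(list)
    for ev in events:
        for name, check in SIGNATURES.items():
            if check(ev):
                hits[name].append(ev)
    return dict(hits)


# Constructed sample telemetry: one malicious and one benign record per type.
EVENTS = [
    {"id": 1, "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell -w hidden -enc <base64>"},           # macro case
    {"id": 1, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmd": "WINWORD.EXE"},                                  # normal launch
    {"id": 3, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dest": "pressuredspeech.com", "port": 80},             # first dropper host
    {"id": 3, "image": r"C:\Windows\System32\svchost.exe",
     "dest": "example.com", "port": 443},                    # normal service traffic
    {"id": 11, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "target": r"C:\Windows\System32\dropped.exe"},          # placeholder file name
    {"id": 11, "image": r"C:\Windows\servicing\TrustedInstaller.exe",
     "target": r"C:\Windows\System32\ntoskrnl.exe"},         # normal servicing write
]

if __name__ == "__main__":
    for name, evs in evaluate(EVENTS).items():
        print(f"{name}: {len(evs)} hit(s)")
```

Each check is deliberately narrow: the System32 rule, for instance, lets Windows servicing components through and only fires on script hosts or images outside the Windows directory, which is the trade-off a detection engineer tunes against their own baseline.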

MITRE ATT&CK Enterprise v6

Tasks