General

  • Target

    95b76cb37e2e3caa0e07f01c9aab219e128ea4ac3cab80aa48e9fc2733713343

  • Size

    151KB

  • Sample

    220724-zb5j9afde6

  • MD5

    0491199596fec95f256cdf779e7b60e0

  • SHA1

    f49109cb3b8d6b5c78d8b7a0e07bfbb482ac62ce

  • SHA256

    95b76cb37e2e3caa0e07f01c9aab219e128ea4ac3cab80aa48e9fc2733713343

  • SHA512

    31e0a7a789bb3299be18f72c67482bc591e4378b72a557a266450fb6188a16e460f7218c4d1f1a4e71620c9e31aff3db7796b2496c6af8e5f431bdc666a0a934

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://durganamkeen.com/wp-admin/DgUwPMst/

    http://gfpar.es/blogs/1y3p64_jyelzm-160135920/

    http://yourplasteringneedscovered.co.uk/bfrye/eeURJGsK/

    http://ladiesbazar.in/wp-includes/74yc005bti_pui2akdp-19152074/

    http://engraced.org/wp-content/lwUhCxRzO/

Targets

    • Target

      95b76cb37e2e3caa0e07f01c9aab219e128ea4ac3cab80aa48e9fc2733713343

    • Size

      151KB

    • MD5

      0491199596fec95f256cdf779e7b60e0

    • SHA1

      f49109cb3b8d6b5c78d8b7a0e07bfbb482ac62ce

    • SHA256

      95b76cb37e2e3caa0e07f01c9aab219e128ea4ac3cab80aa48e9fc2733713343

    • SHA512

      31e0a7a789bb3299be18f72c67482bc591e4378b72a557a266450fb6188a16e460f7218c4d1f1a4e71620c9e31aff3db7796b2496c6af8e5f431bdc666a0a934

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks