a0f6ce6375c17dcd4052f315be17146c089c664a1552e0d1a3c3ecd1e8a6d6cf | Triage

Submit
Reports

Overview

overview

Static

static

8

a0f6ce6375...cf.doc

windows7-x64

a0f6ce6375...cf.doc

windows10-2004-x64

Sharing

General

Target

a0f6ce6375c17dcd4052f315be17146c089c664a1552e0d1a3c3ecd1e8a6d6cf
Size

95KB
Sample

220724-zblgdafdc7
MD5

186c67a706eb91c97ab9b550c5bd531b
SHA1

35583941dec461c4045ecb4bfd0ebdd0e9a6c9de
SHA256

a0f6ce6375c17dcd4052f315be17146c089c664a1552e0d1a3c3ecd1e8a6d6cf
SHA512

fa772d641409088277fc9d51a2063ba55b25cb87fc9403f350a15c9cd0ec1ae9f6004cb6fbdae2ad60a9ed2dd480f119a824d772c659cb457ec7d35dd634f5b1

Score

10^/10

macro

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a0f6ce6375c17dcd4052f315be17146c089c664a1552e0d1a3c3ecd1e8a6d6cf.doc

Resource

win7-20220718-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

a0f6ce6375c17dcd4052f315be17146c089c664a1552e0d1a3c3ecd1e8a6d6cf.doc

Resource

win10v2004-20220722-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://sundownbodrum.com/J335NbN

exe.dropper

http://www.roteirobrasil.com/wp-includes/XEBv3PdHgZ

exe.dropper

http://rdabih.org/m7mnTYaIzL

exe.dropper

http://zavgroup.net/11D6PwFu

exe.dropper

http://stefanobaldini.net/DfSVLfsC6

Targets

- Target
  
  a0f6ce6375c17dcd4052f315be17146c089c664a1552e0d1a3c3ecd1e8a6d6cf
- Size
  
  95KB
- MD5
  
  186c67a706eb91c97ab9b550c5bd531b
- SHA1
  
  35583941dec461c4045ecb4bfd0ebdd0e9a6c9de
- SHA256
  
  a0f6ce6375c17dcd4052f315be17146c089c664a1552e0d1a3c3ecd1e8a6d6cf
- SHA512
  
  fa772d641409088277fc9d51a2063ba55b25cb87fc9403f350a15c9cd0ec1ae9f6004cb6fbdae2ad60a9ed2dd480f119a824d772c659cb457ec7d35dd634f5b1
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy