General

  • Target: 269d5a38bc77f5228031fa16b3b19dea79b6f4095331dc4e6e8edabbd35df36e
  • Size: 221KB
  • Sample: 220724-zl8pnagafj
  • MD5: 8b017e9b07cb81cbe36f0df16c47c404
  • SHA1: b454db93419c926768b004addc427f77ef6c123d
  • SHA256: 269d5a38bc77f5228031fa16b3b19dea79b6f4095331dc4e6e8edabbd35df36e
  • SHA512: 6f322a42c10d417290ca2bfbe23b9c9610711d04fb1c05b5431e567071878c121e26162278ab3ebe922ab80974b4203d056e1b1b1a4e94c3019133c5e7e2ce77

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper):
      http://uat-essence.oablab.com/cEP88qz
      http://34.207.179.222/GPc2ykD
      http://204.236.197.55/ZmkN6EP
      http://107.23.200.84/EmllsJND2W
      http://radioviverbem.com.br/SZYTAZDa

Targets

    • Target: 269d5a38bc77f5228031fa16b3b19dea79b6f4095331dc4e6e8edabbd35df36e


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
