General

  • Target

    74113ff23ba2b9a5f81dd7d7168d96adaa1ebab72cdc0b29ca5a3eeea5334682

  • Size

    99KB

  • Sample

    220724-zm8faafhg2

  • MD5

    a1541e59807a545b2586844edfc2d83d

  • SHA1

    a67c7ea51420ff63e063425b0897781943a62b78

  • SHA256

    74113ff23ba2b9a5f81dd7d7168d96adaa1ebab72cdc0b29ca5a3eeea5334682

  • SHA512

    207763b00957aac6d7d233f8db060615beb1eb399b5edef24c3993eb7dd6dba308a98c85c1bf3e015a3ea294752a518be7d447592187bb1ac92e704f2296d4fe

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://intraelectronics.com/9CBQqGip_YBdeLeOmn

exe.dropper

http://linkingphase.com/Ye09uJm_1TJzK_0

exe.dropper

http://radwomenbusinessowners.com/pnKAX_FAi9jc

exe.dropper

http://www.motoruitjes.nl/BrG_4Tb3uEk0N

exe.dropper

http://kantova.com/xRVVM3r_gsFZOEnE

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
