General

  • Target

    25e20dba1686718cf283d2c42000451173871d93561d6b320295168643d53b1c

  • Size

    82KB

  • Sample

    220724-znbspsfhg5

  • MD5

    3c0c13ebe452fa340ce659c07a5d670f

  • SHA1

    786925a614d7856ac61e24d429adbcbe7faab6d2

  • SHA256

    25e20dba1686718cf283d2c42000451173871d93561d6b320295168643d53b1c

  • SHA512

    acf93a10760aea3ecbdbb82601f4ddb943f689b4e0fb7b861aa878a77d0a6d89fe50315a98dd98b3eae4612eebea7b7573d8096cb2c91f667711724beac8b332

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs

Targets

    • Target

      25e20dba1686718cf283d2c42000451173871d93561d6b320295168643d53b1c

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
