87d748238573658dc6e3fbebafafa3e22006d4f73e6ed60197b70f94d7d662ac | Triage

Submit
Reports

Overview

overview

Static

static

8

87d7482385...ac.doc

windows7-x64

87d7482385...ac.doc

windows10-2004-x64

Sharing

General

Target

87d748238573658dc6e3fbebafafa3e22006d4f73e6ed60197b70f94d7d662ac
Size

241KB
Sample

220725-embq4adha9
MD5

3ca3bf6763dc76242936968a4a404e69
SHA1

4fbeb739a5c2bc167a276bced5c050f08049d6c6
SHA256

87d748238573658dc6e3fbebafafa3e22006d4f73e6ed60197b70f94d7d662ac
SHA512

50ecafc6bfe0b45909ebefee247807c2ef1f9ac40816c39206aa984750da76c5022dc9a76f33783d9b19905b679f3053219936a2b968355d821930b4608c9065

Score

10^/10

macro

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

87d748238573658dc6e3fbebafafa3e22006d4f73e6ed60197b70f94d7d662ac.doc

Resource

win7-20220715-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

87d748238573658dc6e3fbebafafa3e22006d4f73e6ed60197b70f94d7d662ac.doc

Resource

win10v2004-20220721-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://turningspeech.com/rm44r5z/usg/

exe.dropper

http://zarabianiegeorge.cba.pl/images/JN/

exe.dropper

http://strugglingcreative.com/wp-content/M0K/

exe.dropper

https://vesperia.id/wp-content/TO/

exe.dropper

http://rossairey.com/images/hf/

Targets

- Target
  
  87d748238573658dc6e3fbebafafa3e22006d4f73e6ed60197b70f94d7d662ac
- Size
  
  241KB
- MD5
  
  3ca3bf6763dc76242936968a4a404e69
- SHA1
  
  4fbeb739a5c2bc167a276bced5c050f08049d6c6
- SHA256
  
  87d748238573658dc6e3fbebafafa3e22006d4f73e6ed60197b70f94d7d662ac
- SHA512
  
  50ecafc6bfe0b45909ebefee247807c2ef1f9ac40816c39206aa984750da76c5022dc9a76f33783d9b19905b679f3053219936a2b968355d821930b4608c9065
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy