General

  • Target: 5c0e8c8cb4b045e9683ca8f2e266b1fef7e1240fc1e3059e876c273745ea1592
  • Size: 124KB
  • Sample: 220731-j4855sggfr
  • MD5: 556e310b5782d2a207bae407584b532f
  • SHA1: 22ed107569ede12a725720b2bef7728fb49db948
  • SHA256: 5c0e8c8cb4b045e9683ca8f2e266b1fef7e1240fc1e3059e876c273745ea1592
  • SHA512: 5e4b1f9e2981920c5d9d37932e2a3cf471991342dad8966cb6dca8fcece20edd0657f16504f0f3d4849e57e1b3b8cf633193de566a8ffc3345313ccf17591973

Score
10/10

Malware Config

Extracted

Language: ps1
Deobfuscated
URLs

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks