General

  • Target: 132b80a7e447dfd6893270baa35d4a97fdccf1bf7306fe94f81233d1ea15bc9b
  • Size: 148KB
  • Sample: 220731-j77rgsghgj
  • MD5: ac311f203eee100fdf576e5b5510b761
  • SHA1: 560fd00010580f37b799d559fa7b8b5874101134
  • SHA256: 132b80a7e447dfd6893270baa35d4a97fdccf1bf7306fe94f81233d1ea15bc9b
  • SHA512: 507ecdc21e524ef02b72bfadd42c6a5d452fa7a0b124812a6057184b0f0a6d8c4a28861e926582dc34842de56c0d04f2fe628dfad04aa865369a4537d3526fa5

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper):
    https://www.wholesale-towels.com/caapa/2skq2c8brl_ujstqor-9423/
    https://sehatmadu.com/wp-admin/sMsnqVEHO/
    http://wayuansudamai.com/wp-includes/tUhChhCpcN/
    http://vnilla.com/cgi-bin/xdmlv_90ij5qu1-86492/
    http://vcontenidos.com/wp-admin/nzxnfyy9_x7u5tyux4w-71288/

Targets

    • Target: 132b80a7e447dfd6893270baa35d4a97fdccf1bf7306fe94f81233d1ea15bc9b

    Score: 10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks