General

  • Target: 56e1c53a46d85798f576d90c23c0314c08f29c17b19ffcfeef5632462b89711b
  • Size: 123KB
  • Sample: 220731-kczcasgbf3
  • MD5: af59cec0ded6240048d49d49a1f73ba2
  • SHA1: b9b2583cc8d108c847e9c4c50e7f28cc6273729e
  • SHA256: 56e1c53a46d85798f576d90c23c0314c08f29c17b19ffcfeef5632462b89711b
  • SHA512: 366452925811dcbf8387e94d57c4f902fc0855cf2e174ca7d9a64c5952bc3e21301f8234a2f5784cfebedc537fa238592393942ef5a9cf0710bc8892b52ddc57

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated URLs (exe.dropper):
      http://adacan.net/cgi-bin/ArQlYWTG/
      http://www.czabk.com/wp-admin/EdQdoGnbBz/
      http://www.ri-magazine.com/ri/usod7inlc3_a8bolt-35/
      http://www.shang-ding.com.tw/phpmyadmin/ze24yvvom_tkdpml34w-56049/
      http://www.tafa.pxlcorp.com/wp-includes/xEVKeyGS/

Targets

  • Target: 56e1c53a46d85798f576d90c23c0314c08f29c17b19ffcfeef5632462b89711b (123KB; hashes as listed under General)
  • Score: 10/10

  Signatures

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
