d4a17c3071447cee6d6ad443c53ce575af8820533c7c1ede02793bdec211253f | Triage

Submit
Reports

Overview

overview

Static

static

8

PO#2022808...37.pps

windows7-x64

PO#2022808...37.pps

windows10-2004-x64

1

Sharing

General

Target

PO#202280894645&637.ppa
Size

88KB
Sample

220808-mjs5zahddp
MD5

e66f47a0d1972d2bc0c63a66f0a7313f
SHA1

0957f530dafc189bd8f225e766df0af824b0d490
SHA256

d4a17c3071447cee6d6ad443c53ce575af8820533c7c1ede02793bdec211253f
SHA512

d11312fe3bb0c750fa236487fb82cd6803c3e49921192afa9ea25bc640693aba7533afb95955ecfbed0898f4c16dd3fc299bfe9f143c58a87a57c576cffdec41

Score

10^/10

macro macro_on_action

Static task

static1

macro macro_on_action

1 signatures

Behavioral task

behavioral1

Sample

PO#202280894645&637.pps

Resource

win7-20220718-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO#202280894645&637.pps

Resource

win10v2004-20220721-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://bitbucket.org/!api/2.0/snippets/warzonepro/xE74pL/23b09005fce4aa8ca639c8efece136273f358586/files/devis2

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://bitbucket.org/!api/2.0/snippets/warzonepro/dk7dXq/70e7a3f4486531f18772c32194d7844ae03b17ff/files/devis222.txt

Targets

- Target
  
  PO#202280894645&637.ppa
- Size
  
  88KB
- MD5
  
  e66f47a0d1972d2bc0c63a66f0a7313f
- SHA1
  
  0957f530dafc189bd8f225e766df0af824b0d490
- SHA256
  
  d4a17c3071447cee6d6ad443c53ce575af8820533c7c1ede02793bdec211253f
- SHA512
  
  d11312fe3bb0c750fa236487fb82cd6803c3e49921192afa9ea25bc640693aba7533afb95955ecfbed0898f4c16dd3fc299bfe9f143c58a87a57c576cffdec41
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

© 2018-2024

Terms | Privacy