General

  • Target: PO#1487958_10.ppa
  • Size: 88KB
  • Sample: 220809-g2lwqaebal
  • MD5: efa5a55ed027ab21d30fd82082754f6a
  • SHA1: 020c5601a43beb6d9b54efa78c05e4154e60173c
  • SHA256: 6952750e2b248cb0cac7f33e2d81061f8d2635919feac3ad299a873389b3d880
  • SHA512: f57d3c993f008960c3e06b401769a2169d0074d25a24a1a832058809fb903b4682f7e6a0bb505a166e2e0a23cd92bce9ddead5e172d3e0d62c0b855a5aa7eebf

Score
10/10

Malware Config

Extracted

  • Language: hta
  • Source: URLs
  • hta.dropper: http://bitbucket.org/!api/2.0/snippets/warzonepro/KME7g4/7678df565d5a8824274645a03590fc72588243f0/files/orignalfinal

Extracted

  • Language: ps1
  • Deobfuscated: URLs
  • ps1.dropper: https://bitbucket.org/!api/2.0/snippets/warzonepro/pE749g/3c167f11be3c255d4ff471aeab79597df9268f4d/files/orignal.txt

Targets

  • Target: PO#1487958_10.ppa
  • Size: 88KB
  • MD5: efa5a55ed027ab21d30fd82082754f6a
  • SHA1: 020c5601a43beb6d9b54efa78c05e4154e60173c
  • SHA256: 6952750e2b248cb0cac7f33e2d81061f8d2635919feac3ad299a873389b3d880
  • SHA512: f57d3c993f008960c3e06b401769a2169d0074d25a24a1a832058809fb903b4682f7e6a0bb505a166e2e0a23cd92bce9ddead5e172d3e0d62c0b855a5aa7eebf

  Score
  10/10

  Signatures

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                      Count  ID
  --------------------  -----------------------------  -----  -----
  Execution             Scheduled Task                 1      T1053
  Persistence           Scheduled Task                 1      T1053
  Privilege Escalation  Scheduled Task                 1      T1053
  Defense Evasion       Modify Registry                2      T1112
  Defense Evasion       Install Root Certificate       1      T1130
  Discovery             System Information Discovery   3      T1082
  Discovery             Query Registry                 2      T1012
  Command and Control   Web Service                    1      T1102
