General

  • Target

    SecuriteInfo.com.Exploit.Siggen3.17149.12724.3071

  • Size

    38KB

  • Sample

    220816-jlgyyahac3

  • MD5

    7ad12537579ad48c286ccffbd98288f7

  • SHA1

    7187d653f96f28659ea269a394109819ad712ee5

  • SHA256

    324baa01c3619333075deb6dd0b3f6c1c9d6bc13d9b1a736db5465f53ab94226

  • SHA512

    06e5ddab59b3af1fa4b38d079d8217da8fd16af5ce4280a7b7f2ce1595b32960a9f5bba1cf65bd7ddf2828d0615a2ff49c45f8fbac8d9730ea2ca542b55eb4a1

Score
10/10

Malware Config

Extracted

  • Language

    hta

  • Source

    URLs

  • hta.dropper

    http://facextrade.com.br/wp-includes/certificates/4.txt

Targets

    • Target

      SecuriteInfo.com.Exploit.Siggen3.17149.12724.3071


    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

    Remote System Discovery (T1018): 1
