General

  • Target: b4a9250c39bf5f5b9f4c63bb25bae3d9b54c4e94e8797d40925cd422c8b5e946.7z
  • Size: 36KB
  • Sample: 221102-q9jk1ahce5
  • MD5: 0fbd136010a8cbeaa234fe6b12411f16
  • SHA1: deb902c3d271ba751091625da075365248a146bf
  • SHA256: 8e7c8559f8e55dc46c1ee9eb88994895bfc6b65f59dca19baa6d5aa6ddb34f62
  • SHA512: a1bcf5c390107d0c12ea591dfd114ba5bd82756d4a6218882012e11dab81c9a1b863410db9ecd2eff59b6a08a8ed6789204b71f85ec1897f4c2d5a53c5cf0d72
  • SSDEEP: 768:WUJhGFPdofYIFC5xTvKfyBqqViwoaQUjga079FOBDF8nJ3gy8Px5a3xWvXx:BeFVmYIFQTifhqT7QUPkc8qVMmXx

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs
    exe.dropper: http://fbertr90.email/iwp01-2ksm/20918201.php?l=jsrxm5.sap

Targets

    • Target: b4a9250c39bf5f5b9f4c63bb25bae3d9b54c4e94e8797d40925cd422c8b5e946
    • Size: 70KB
    • MD5: 497644181af1d32fb59192288d2a3e51
    • SHA1: 7f887359da688a17e9eccb770bfe4e0706d41d29
    • SHA256: b4a9250c39bf5f5b9f4c63bb25bae3d9b54c4e94e8797d40925cd422c8b5e946
    • SHA512: d714c332e94f0e7bcabf005f82455ffc29705ece1b3885b019e4124bfa7ecae73abd2a6e71d19921e0d9ce055a820d35af174a2f867c1f187ea22fae3d33f3e3
    • SSDEEP: 768:e8GblB8aJxzYFL7kYxTWwFPMfW9IDOUMEHOLPvOQHcluDsfMmSbcbK3y4q4vDbxu:eHpY3TFd1MfWNRSSCSxyB4vDb32

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Enterprise v6
