General

  • Target

    60ad4099e56ed5a8fddb63395b0e0032726b5aaf47a71d590dddf147b433a976

  • Size

    41KB

  • Sample

    221125-1jmj3sgg72

  • MD5

    ac5e2c5bf3ba98b1d0fab9b762dc18b5

  • SHA1

    d4b5de6534f3bc78d69c551394cf93d2ae99c8f4

  • SHA256

    60ad4099e56ed5a8fddb63395b0e0032726b5aaf47a71d590dddf147b433a976

  • SHA512

    018c0eaada7b987ca3c5f0afbf8e2ba54ebc28c0e71da6ebb36e7c7272b1d5d1380b0b77d2868ef7ba66aeb24a25dc6865614cbad3accedd39abf16bdcb4a51e

  • SSDEEP

    384:uvc2AjFPbVOJ3J9isMjWCGSWba/JVZ0jLYAxmtV:8OTu3XaXW2dEYAO

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs
      exe.dropper: http://185.48.56.62:8080/hhacz45a/mnnmz.php

Targets

    • Target

      60ad4099e56ed5a8fddb63395b0e0032726b5aaf47a71d590dddf147b433a976

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), count 1
  • Discovery: Query Registry (T1012), count 2
  • Discovery: System Information Discovery (T1082), count 2

Tasks