601804d1434691765b258649f0a9c8924bb1b28b5ff0dc2bafb3039b2c78f6a3 | Triage

Submit
Reports

Overview

overview

Static

static

8

601804d143...a3.doc

windows7-x64

601804d143...a3.doc

windows10-2004-x64

Sharing

General

Target

601804d1434691765b258649f0a9c8924bb1b28b5ff0dc2bafb3039b2c78f6a3
Size

187KB
Sample

221125-k45ndsag7s
MD5

fd0c0ac454f459acc1cd124fd097740a
SHA1

741cb7d37dbb4ca805174a194dbf9eb4f51ad727
SHA256

601804d1434691765b258649f0a9c8924bb1b28b5ff0dc2bafb3039b2c78f6a3
SHA512

3322095ab7ac72b5de7a531ef85637892fe1f7cf62c65f1179d7abb7d38070c06e0e14236e6db0093ba4662f84d936e232a17ebe4bb2d11ba57b84ca0d3983c2
SSDEEP

3072:w77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qgKFCS0JKoVqP4dLQitFzhgDhCR:w77HUUUUUUUUUUUUUUUUUUUT52VNS0J5

Score

10^/10

macro

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

601804d1434691765b258649f0a9c8924bb1b28b5ff0dc2bafb3039b2c78f6a3.doc

Resource

win7-20221111-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

601804d1434691765b258649f0a9c8924bb1b28b5ff0dc2bafb3039b2c78f6a3.doc

Resource

win10v2004-20220812-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://ingenla.com/wp-content/XA_fj/

exe.dropper

http://ises.com.pl/wp-admin/n2_df/

exe.dropper

http://hicast.tn/wp-includes/8_X/

exe.dropper

https://jcci-card.vn/wp-includes/O_R8/

exe.dropper

http://appcost.win/noerk24jt/m_c/

Targets

- Target
  
  601804d1434691765b258649f0a9c8924bb1b28b5ff0dc2bafb3039b2c78f6a3
- Size
  
  187KB
- MD5
  
  fd0c0ac454f459acc1cd124fd097740a
- SHA1
  
  741cb7d37dbb4ca805174a194dbf9eb4f51ad727
- SHA256
  
  601804d1434691765b258649f0a9c8924bb1b28b5ff0dc2bafb3039b2c78f6a3
- SHA512
  
  3322095ab7ac72b5de7a531ef85637892fe1f7cf62c65f1179d7abb7d38070c06e0e14236e6db0093ba4662f84d936e232a17ebe4bb2d11ba57b84ca0d3983c2
- SSDEEP
  
  3072:w77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qgKFCS0JKoVqP4dLQitFzhgDhCR:w77HUUUUUUUUUUUUUUUUUUUT52VNS0J5
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy