General

  • Target

    4ed3b936d9b0ffb44be013208f756abbca27cca3ee96b46494369f2e82aa430d

  • Size

    159KB

  • Sample

    221125-k684lafe33

  • MD5

    2abc2a9e9fe7323678681a2e7eeaea56

  • SHA1

    5ece19aaa636c94321694d9eaa4ba936bba54760

  • SHA256

    4ed3b936d9b0ffb44be013208f756abbca27cca3ee96b46494369f2e82aa430d

  • SHA512

    bbf3e6fe257bc98ca34efe9d02bdd093ec4032bb0d11acb7e0426bc98c703a030f1b3886a2fd977a92c64a1ba29e6e7bf088e94e485fbb7fa83ccbedab087b29

  • SSDEEP

    1536:kcLzncLzMrdi1Ir77zOH98Wj2gpngx+a9TLln2/5k+:9rfrzOH98ipg3L05k+

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper URLs

    http://wynn838.com/wp-content/enE/
    https://sertres.com/ivmej/p/
    https://viaje-achina.com/wp-admin/aG/
    https://aszcasino.com/aszdemo/AGA/
    https://bintangremaja.com/wp-content/U/
    https://phongkhamthaiduongbienhoa.vn/wp-admin/Z/
    http://hk.olivellaline.com/gbi1e/2/

Targets

    • Target

      4ed3b936d9b0ffb44be013208f756abbca27cca3ee96b46494369f2e82aa430d

    • Size

      159KB

    • MD5

      2abc2a9e9fe7323678681a2e7eeaea56

    • SHA1

      5ece19aaa636c94321694d9eaa4ba936bba54760

    • SHA256

      4ed3b936d9b0ffb44be013208f756abbca27cca3ee96b46494369f2e82aa430d

    • SHA512

      bbf3e6fe257bc98ca34efe9d02bdd093ec4032bb0d11acb7e0426bc98c703a030f1b3886a2fd977a92c64a1ba29e6e7bf088e94e485fbb7fa83ccbedab087b29

    • SSDEEP

      1536:kcLzncLzMrdi1Ir77zOH98Wj2gpngx+a9TLln2/5k+:9rfrzOH98ipg3L05k+

    • Score

      10/10

    Signatures

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112), 1 event

  • Discovery

    Query Registry (T1012), 2 events

    System Information Discovery (T1082), 2 events

Tasks