General

  • Target

    62dd57aeef7f8e64910d09976baf1d7e3ac450a8fb11f3c20fd3fd0cb65bf76f

  • Size

    182KB

  • Sample

    221125-l18rbach4s

  • MD5

    1e4c741ea40495e47e04c532a8356b96

  • SHA1

    7f658a8b546320ace04b7e02d44341fb5335cd6c

  • SHA256

    62dd57aeef7f8e64910d09976baf1d7e3ac450a8fb11f3c20fd3fd0cb65bf76f

  • SHA512

    66d8c5c5b38ab54105cba3c4eace5565770c769f1545f589a2718ffd744877ac8124fbbd523133fa5ea8e6c8faebc26e47ddae7758080420fcbbd2f733543175

  • SSDEEP

    3072:A77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qGVHSlaf1iTRLx6fPlBL7MQuIZApAv:A77HUUUUUUUUUUUUUUUUUUUT52VzVga1

Score
10/10

Malware Config

Extracted

Language: ps1

Deobfuscated URLs (exe.dropper):

  • http://holipath.com/wp-includes/5_Z/
  • http://malaysiaonline.tk/viseuf24jd/S_5f/
  • http://gin-lovers.shop/cgi-bin/T_I/
  • http://malalai.com.br/site/kX_z/
  • http://icloudbackup.com.br/wp/b_y/

Targets

    • Target

      62dd57aeef7f8e64910d09976baf1d7e3ac450a8fb11f3c20fd3fd0cb65bf76f

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1
