General

  • Target: 9afa90370cfd217ae1ec36e752a393537878a2f3b5f9159f61690e7790904b0d
  • Size: 126KB
  • Sample: 221128-t99c7sdg8z
  • MD5: 7f63dcb886bd5b8660e8c4739083dae6
  • SHA1: aad3fa063865cbd4146883a6a921ec3133d94398
  • SHA256: 9afa90370cfd217ae1ec36e752a393537878a2f3b5f9159f61690e7790904b0d
  • SHA512: 97d2715b2517b28700c8a9cf9fcb1a45e6c208c251f31e10e4a47804dd89399da6a6f751f6b31c0a6b1e616f1110c1ff3f5fa042f67825615a01fe3dd2244030
  • SSDEEP: 1536:WdKcpx2Sk/8E3NEN1vn5jG685uUDf44fAg:4AxdEzvn5jb8cU

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Source
  • URLs
      exe.dropper: http://85.143.166.190/asdvx/fghs.php

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion
      T1112 Modify Registry (1)
  • Discovery
      T1012 Query Registry (3)
      T1120 Peripheral Device Discovery (1)
      T1082 System Information Discovery (3)
