General

  • Target

    047c12e5b0018635d754472e7c0f89d3d699aa303f33dcabfc3ca3c4fceb2e5e

  • Size

    174KB

  • Sample

    221130-sf8n5sde9z

  • MD5

    29457933f07c5356e14671373b007290

  • SHA1

    a3c66f5d9bad7a567e8057601b0c2ba3aa47013a

  • SHA256

    047c12e5b0018635d754472e7c0f89d3d699aa303f33dcabfc3ca3c4fceb2e5e

  • SHA512

    e7bbef93b6bb7b8c0dadfbfa555bd7fabcb738ef460973cf2777f701991b3cdf6184a1c2cab2b758c0935e3f4a17d24b681021b11c21a6f7ea6ac89df45f6f60

  • SSDEEP

    3072:/77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qqa/fbxk7130dxXqxhz:/77HUUUUUUUUUUUUUUUUUUUT52Vda/f4

Score
10/10

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (type: exe.dropper)

    https://almowaredah.com/wp-content/bGZ/
    https://saberprotech.com/wp-admin/lano5J/
    https://brahmanbariatribune.com/wp-admin/CMQwB/
    http://tattoocum.xyz/wp-includes/KIkf4d/
    http://jasawebsite.online/wp-admin/HkM6/
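The five exe.dropper URLs extracted from the ps1 config are the indicators an analyst would sweep proxy logs for. The block below is an added example, not part of this report and not the dropper's own code. It assumes Squid native-format access.log lines (constructed inline, not taken from the report). Hostnames are matched exactly rather than as substrings so a look-alike domain does not fire, and CONNECT entries, where an explicit proxy only sees the TLS destination host and not the request path, are matched on host alone.

```python
from urllib.parse import urlsplit

# The five exe.dropper URLs from the extracted ps1 config in this report.
DROPPER_URLS = [
    "https://almowaredah.com/wp-content/bGZ/",
    "https://saberprotech.com/wp-admin/lano5J/",
    "https://brahmanbariatribune.com/wp-admin/CMQwB/",
    "http://tattoocum.xyz/wp-includes/KIkf4d/",
    "http://jasawebsite.online/wp-admin/HkM6/",
]


def build_iocs(urls):
    """Split the URLs into two indicator sets.

    hosts:    bare hostnames, lower-cased (DNS names are case-insensitive)
    prefixes: host + path, path case kept, used as a prefix because the
              dropper may append a filename or query string to the base path
    """
    hosts, prefixes = set(), set()
    for u in urls:
        parts = urlsplit(u)
        host = parts.hostname.lower()
        hosts.add(host)
        prefixes.add(host + parts.path)
    return hosts, prefixes


# Constructed Squid native-format access.log lines (not taken from the report):
#   timestamp elapsed client code/status bytes method URL user hierarchy type
PROXY_LOG = """\
1669812001.123 210 10.0.0.15 TCP_MISS/200 4520 GET https://almowaredah.com/wp-content/bGZ/ - HIER_DIRECT/203.0.113.5 text/html
1669812002.456 180 10.0.0.15 TCP_MISS/404 512 GET https://www.example.com/wp-admin/ - HIER_DIRECT/198.51.100.9 text/html
1669812003.789 95 10.0.0.22 TCP_MISS/200 178213 GET http://TATTOOCUM.XYZ/wp-includes/KIkf4d/x.exe - HIER_DIRECT/203.0.113.7 application/octet-stream
1669812004.000 60 10.0.0.30 TCP_MISS/200 1024 GET https://saberprotech.com.evil.test/wp-admin/lano5J/ - HIER_DIRECT/203.0.113.8 text/html
1669812005.000 30 10.0.0.40 TCP_TUNNEL/200 6000 CONNECT brahmanbariatribune.com:443 - HIER_DIRECT/203.0.113.9 -
"""


def match_proxy_log(log_text, urls=DROPPER_URLS):
    """Return (client, host, match_kind) for each log line touching an IOC.

    match_kind is "path" when host+path matches a dropper URL prefix and
    "host" when only the hostname matched (e.g. a CONNECT tunnel, where an
    explicit proxy sees the TLS destination but not the request path).
    Hostnames are compared exactly, never as substrings, so a look-alike
    such as saberprotech.com.evil.test does not fire.
    """
    hosts, prefixes = build_iocs(urls)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or truncated line
        client, method, url = fields[2], fields[5], fields[6]
        if method == "CONNECT":
            host = url.rsplit(":", 1)[0].lower()
            if host in hosts:
                hits.append((client, host, "host"))
            continue
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host not in hosts:
            continue
        full = host + parts.path
        kind = "path" if any(full.startswith(p) for p in prefixes) else "host"
        hits.append((client, host, kind))
    return hits


if __name__ == "__main__":
    for client, host, kind in match_proxy_log(PROXY_LOG):
        print(f"{client} -> {host} ({kind} match)")
```

On the constructed input this reports three clients: two with a full path match and one seen only as a CONNECT tunnel. The look-alike `saberprotech.com.evil.test` line is deliberately not matched; a substring check on the hostname would have produced a false positive there, which is why the hosts are compared as whole labels.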

Targets

    • Target

      047c12e5b0018635d754472e7c0f89d3d699aa303f33dcabfc3ca3c4fceb2e5e

    • Size

      174KB

    • MD5

      29457933f07c5356e14671373b007290

    • SHA1

      a3c66f5d9bad7a567e8057601b0c2ba3aa47013a

    • SHA256

      047c12e5b0018635d754472e7c0f89d3d699aa303f33dcabfc3ca3c4fceb2e5e

    • SHA512

      e7bbef93b6bb7b8c0dadfbfa555bd7fabcb738ef460973cf2777f701991b3cdf6184a1c2cab2b758c0935e3f4a17d24b681021b11c21a6f7ea6ac89df45f6f60

    • SSDEEP

      3072:/77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qqa/fbxk7130dxXqxhz:/77HUUUUUUUUUUUUUUUUUUUT52Vda/f4

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
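The three behaviour signatures above describe one chain: a parent process spawns a script host it should not, that child reaches out to the network, and a file lands in System32. The block below is an added example of how to express those signatures as endpoint detection logic; it is not part of this report or the sandbox's own rules. It assumes Sysmon-style events (EventID 1 process create, 3 network connect, 11 file create) constructed inline, and it assumes an Office parent and a list of blocklisted script hosts, neither of which the report names.

```python
import ntpath

# Assumed lists (the report does not name the parent or the blocklist);
# tune them to the fleet being monitored.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
BLOCKLISTED = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
               "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
SYSTEM32_WRITERS_OK = {"trustedinstaller.exe", "tiworker.exe", "msiexec.exe", "svchost.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

# Constructed Sysmon-style events (EventID 1 = process create, 3 = network
# connect, 11 = file create); not taken from the report.
EVENTS = [
    {"EventID": 1, "ProcessId": 4120,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"EventID": 1, "ProcessId": 4200,
     "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "ProcessId": 4120,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "DestinationIp": "203.0.113.5", "DestinationPort": 443},
    {"EventID": 3, "ProcessId": 3000,
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "198.51.100.9", "DestinationPort": 443},
    {"EventID": 11, "ProcessId": 4120,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetFilename": r"C:\Windows\System32\example.dll"},
    {"EventID": 11, "ProcessId": 1200,
     "Image": r"C:\Windows\servicing\TrustedInstaller.exe",
     "TargetFilename": r"C:\Windows\System32\wbem\example.mof"},
]


def basename(path):
    return ntpath.basename(path).lower()


def detect(events):
    """Apply the three report signatures to a stream of events.

    Returns (rule, ProcessId, detail) tuples in event order.
    """
    alerts = []
    for ev in events:
        eid, img = ev["EventID"], basename(ev.get("Image", ""))
        if eid == 1:
            parent = basename(ev.get("ParentImage", ""))
            if parent in OFFICE_PARENTS and img in BLOCKLISTED:
                alerts.append(("unexpected_child", ev["ProcessId"], f"{parent} -> {img}"))
        elif eid == 3:
            if img in BLOCKLISTED:
                dst = f'{ev["DestinationIp"]}:{ev["DestinationPort"]}'
                alerts.append(("blocklisted_network", ev["ProcessId"], f"{img} -> {dst}"))
        elif eid == 11:
            target = ev.get("TargetFilename", "")
            # Compare case-insensitively: NTFS paths are case-insensitive and
            # Sysmon reports them in whatever case the caller used.
            if target.lower().startswith(SYSTEM32) and img not in SYSTEM32_WRITERS_OK:
                alerts.append(("system32_drop", ev["ProcessId"], target))
    return alerts


def correlate(alerts):
    """Group rule hits by ProcessId so the chain Office -> script host ->
    network -> System32 drop shows up as one process, not three alerts."""
    by_pid = {}
    for rule, pid, _detail in alerts:
        by_pid.setdefault(pid, set()).add(rule)
    return by_pid


if __name__ == "__main__":
    hits = detect(EVENTS)
    for rule, pid, detail in hits:
        print(f"[{rule}] pid={pid} {detail}")
    for pid, rules in correlate(hits).items():
        print(f"pid {pid} triggered {len(rules)} of 3 signatures")
```

On the constructed events all three rules fire on the same process and `correlate` surfaces that as a single chain, which is the point: any one of these signatures alone is noisy, the combination on one process is not. In production, join on Sysmon's ProcessGuid rather than ProcessId, since PIDs are reused once a process exits; ProcessId is used here only to keep the example short.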

MITRE ATT&CK Matrix (ATT&CK v6; the number in parentheses is the report's count for that technique)

  • Defense Evasion

    T1112 Modify Registry (1)

  • Discovery

    T1012 Query Registry (2)
    T1082 System Information Discovery (2)
