4142fcde447fc96fe3b95e93be525cdf365723c74481bfb3f36b192d85c04656 | Triage

Sharing

General

Target

4142fcde447fc96fe3b95e93be525cdf365723c74481bfb3f36b192d85c04656
Size

18KB
Sample

221130-szwhxsce96
MD5

53ce86cf81a90b586e47a623ae7918e0
SHA1

db92cd464b596aec58dc5550054ed561290086b0
SHA256

4142fcde447fc96fe3b95e93be525cdf365723c74481bfb3f36b192d85c04656
SHA512

bb7aef7718d5862753da14bd1a69550c3322e9e861925b80d13289df64ec063306e7db3413b7aad73c1ffcfedb3571c26ecdb322559388c9e107174b6035ca16
SSDEEP

384:HestWmoXjCLOpE/UyzdRdRP/kMwbYmbaNAWUZasA0JPHQxau6:+sCCKE/U4j9/kMAYmuNvwcT4

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://onedrivenet.xyz/work/p.vbs

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://onedrivenet.xyz/work/p.vbs

Targets

- Target
  
  4142fcde447fc96fe3b95e93be525cdf365723c74481bfb3f36b192d85c04656
- Size
  
  18KB
- MD5
  
  53ce86cf81a90b586e47a623ae7918e0
- SHA1
  
  db92cd464b596aec58dc5550054ed561290086b0
- SHA256
  
  4142fcde447fc96fe3b95e93be525cdf365723c74481bfb3f36b192d85c04656
- SHA512
  
  bb7aef7718d5862753da14bd1a69550c3322e9e861925b80d13289df64ec063306e7db3413b7aad73c1ffcfedb3571c26ecdb322559388c9e107174b6035ca16
- SSDEEP
  
  384:HestWmoXjCLOpE/UyzdRdRP/kMwbYmbaNAWUZasA0JPHQxau6:+sCCKE/U4j9/kMAYmuNvwcT4
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2