7028268ae4a5af19fc890c6745608aa69b3a729371a237fb6a732887213b0dda | Triage

Sharing

General

Target

7028268ae4a5af19fc890c6745608aa69b3a729371a237fb6a732887213b0dda
Size

23KB
Sample

221130-t5hppagb48
MD5

6fc10fd570bd65f39c8b92151805e6f0
SHA1

2430bf3cfc175b2939f214c1dd396865ccfb7a3f
SHA256

7028268ae4a5af19fc890c6745608aa69b3a729371a237fb6a732887213b0dda
SHA512

34aea2b30f0bced58a811f26967797f8e3396892a8d0b812c9245eded111f032544bba01b36d642702e4e45a1e4e21a7ce56b59eb375b6674c9451bfa745c94e
SSDEEP

384:HehHhSrxOfYv2gDufBT1RO8S5VdkvnQrAkipPOhs/AnBgJPHQ6atl:+ZyVv2gqfBvZGaDO+o2Y

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://fast-cargo.com/images/file/vb/VBS/3.vbs

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://fast-cargo.com/images/file/vb/VBS/3.vbs

Targets

- Target
  
  7028268ae4a5af19fc890c6745608aa69b3a729371a237fb6a732887213b0dda
- Size
  
  23KB
- MD5
  
  6fc10fd570bd65f39c8b92151805e6f0
- SHA1
  
  2430bf3cfc175b2939f214c1dd396865ccfb7a3f
- SHA256
  
  7028268ae4a5af19fc890c6745608aa69b3a729371a237fb6a732887213b0dda
- SHA512
  
  34aea2b30f0bced58a811f26967797f8e3396892a8d0b812c9245eded111f032544bba01b36d642702e4e45a1e4e21a7ce56b59eb375b6674c9451bfa745c94e
- SSDEEP
  
  384:HehHhSrxOfYv2gDufBT1RO8S5VdkvnQrAkipPOhs/AnBgJPHQ6atl:+ZyVv2gqfBvZGaDO+o2Y
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2