852814dff1f5436f435dd07b6e85bed63108e584904fd63f2ac684e678ff54b5 | Triage

Sharing

General

Target

852814dff1f5436f435dd07b6e85bed63108e584904fd63f2ac684e678ff54b5
Size

24KB
Sample

221130-tfeazagg4z
MD5

2074b0a024bd3ac6f1b4d89dbabab077
SHA1

c28cc5109d94307c149501dd805cd95c4afb7d69
SHA256

852814dff1f5436f435dd07b6e85bed63108e584904fd63f2ac684e678ff54b5
SHA512

5ba5b174bc1b5f83fbf0e0e776a70d37dc1e6ce4ca3f9aa60dea1b732981b3a1daf80f75442cfaf5c4539ef3d6bcd205380665dd3b0496bfe689b981ff567d03
SSDEEP

768:qEIo2CBP+PD85eIAr/caeu+dCcd97mSHH9:qItfBdCemIH9

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://acorn-paper.com/components/com_content/models/bs/s.vbs

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://acorn-paper.com/components/com_content/models/bs/s.vbs

Targets

- Target
  
  852814dff1f5436f435dd07b6e85bed63108e584904fd63f2ac684e678ff54b5
- Size
  
  24KB
- MD5
  
  2074b0a024bd3ac6f1b4d89dbabab077
- SHA1
  
  c28cc5109d94307c149501dd805cd95c4afb7d69
- SHA256
  
  852814dff1f5436f435dd07b6e85bed63108e584904fd63f2ac684e678ff54b5
- SHA512
  
  5ba5b174bc1b5f83fbf0e0e776a70d37dc1e6ce4ca3f9aa60dea1b732981b3a1daf80f75442cfaf5c4539ef3d6bcd205380665dd3b0496bfe689b981ff567d03
- SSDEEP
  
  768:qEIo2CBP+PD85eIAr/caeu+dCcd97mSHH9:qItfBdCemIH9
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2