eeafcdef94d71214d03a23f7d7aa75feec16f1c00152a6598cd51859921be29b

Sharing

Copy URL Twitter E-mail

General

Target

Office 2021.7z
Size

11.2MB
Sample

230113-vedhqaae97
MD5

f0dc586a5a538de3e346500ece1d46af
SHA1

827643662ffa8ade2cd074535c36aa535d2d4e6d
SHA256

eeafcdef94d71214d03a23f7d7aa75feec16f1c00152a6598cd51859921be29b
SHA512

79edabff8819390ef27f71820389c554f48e0b58c211a6f10ef7124ab4fa2e1681177b5c662be626aa236e17b6b66deaacd9ce5d4c16bcc5ac8efadc32f0b513
SSDEEP

196608:E9SezaLAk+qKN+eI9jhTtbY6nx7PjGy4lVE9jGXFJwFxNhPU11EvwkHBrBjIrLjY:gSeqM89jb/xj19qwFxMPRkHBJIrLgD

Score

10^/10

upx

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v32.cab

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/16.0.14332.20447/i640.cab

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/16.0.14332.20447/i643082.cab

Targets

- Target
  
  Office 2021.7z
- Size
  
  11.2MB
- MD5
  
  f0dc586a5a538de3e346500ece1d46af
- SHA1
  
  827643662ffa8ade2cd074535c36aa535d2d4e6d
- SHA256
  
  eeafcdef94d71214d03a23f7d7aa75feec16f1c00152a6598cd51859921be29b
- SHA512
  
  79edabff8819390ef27f71820389c554f48e0b58c211a6f10ef7124ab4fa2e1681177b5c662be626aa236e17b6b66deaacd9ce5d4c16bcc5ac8efadc32f0b513
- SSDEEP
  
  196608:E9SezaLAk+qKN+eI9jhTtbY6nx7PjGy4lVE9jGXFJwFxNhPU11EvwkHBrBjIrLjY:gSeqM89jb/xj19qwFxMPRkHBJIrLgD
Score

3^/10
behavioral1 behavioral2
- Target
  
  Office 2021/OInstall.exe
- Size
  
  10.9MB
- MD5
  
  ebc58647462ad9c76395ef451064d115
- SHA1
  
  14e470812f13b278b2694a4cec5737a39784e9dd
- SHA256
  
  414155bf11893ec64ba0f4ffb7de92885090845a0761cf8f6743462aa5991d5e
- SHA512
  
  8a9ef093d151957ae3c4c8e572fcdbd2198398c95ff8186d532853856c12c8f9ae7408c4f24518c5903faa517ea4e1d5779e797c5a4d850073fbee3ab801e8cc
- SSDEEP
  
  196608:2ZnMGjZsDEsCaYsGEHy61bgUhufRswPU2/V8Gd83/PALDP0PiaQxhwf+9zYul28S:WnjZhsCOU6ZgfPPPuGdnv0fzfoDYtB
Score

10^/10

upx
- Blocklisted process makes network request
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  out.upx
- Size
  
  21.0MB
- MD5
  
  2c22fcc013884b4ea343d876247e5196
- SHA1
  
  90c475bf4bb22ae79c3b2be4b5d643de0aa9d151
- SHA256
  
  5008055b25fc111c1c760784c564b73d28f4cd53de3688ebf2227877e3f580d9
- SHA512
  
  05fa440e2eb5612fbc46a49bde486dd029d29075f18f755e4533b29110fad92323a01e1b93d6a757c0bd5a6d6babd778eeb35fcc4366644e22d1925a29edfd87
- SSDEEP
  
  393216:3wnHGmatMXWkBuiDPRmWbohOyMjBoiDBsVz3kK6VjfEqzFW:jftNkLDpmio/RkK69Eqz
Score

1^/10
behavioral5 behavioral6
- Target
  
  Office 2021/autorun.inf
- Size
  
  187B
- MD5
  
  ead673a9a0a0a2c61fcfd638e5f7504b
- SHA1
  
  26b31454f70eb7a10daa7cceb01f3c634461c9e7
- SHA256
  
  552be66ed2c0b22d4a413ca262c95e356292813f9f44d1f719d0eb8a70997e6d
- SHA512
  
  a2f4235e234e902be9d0fb2eb5de5135a48ffe45ad172c29cbd8379b5659aead2b351b86039edddae9f6d62dfa40b284f888e62c193a11e055ede868f80fc8ff
Score

1^/10
behavioral7 behavioral8
- Target
  
  Office 2021/files/Configure.xml
- Size
  
  896B
- MD5
  
  833c73375131be102adee8d3634ae817
- SHA1
  
  43314c61d3e3c3a2f0590b31edb48c475eba0952
- SHA256
  
  564bb48f40ddd861a0603487dd46dab646beaa672259c7899141d8424a673e36
- SHA512
  
  dd5449677c18c95406eab01a51554087461adaa1bf65cf6069c26cdd42736cb02222d637af4b00bf002fb745b20866e6a1302d1a2b026d59c5ddc2c1320b14fa
Score

1^/10
behavioral10 behavioral9
- Target
  
  Office 2021/files/Uninstall.xml
- Size
  
  59B
- MD5
  
  364f86f97324ea82fe0d142cd01cf6dd
- SHA1
  
  fc2a45da2ede0c018ab8e46044e6a25765c27d99
- SHA256
  
  09d5b42140bab13165ba97fbd0e77792304c3c93555be02c3dce21a7a69c66dd
- SHA512
  
  9b0a0944535e25c944e01bed1674efff119505292b176287c0dad3db70ffc4244cff21cccfd1fd94b09dd6d5f84221930b66b210101e482cc4bb5df3311a5fdf
Score

1^/10
behavioral11 behavioral12
- Target
  
  Office 2021/files/x64/cleanospp.exe
- Size
  
  19KB
- MD5
  
  162ab955cb2f002a73c1530aa796477f
- SHA1
  
  d30a0e4e5911d3ca705617d17225372731c770e2
- SHA256
  
  5ce462e5f34065fc878362ba58617fab28c22d631b9d836dddcf43fb1ad4de6e
- SHA512
  
  e0288dcf78092449d9cbaef4488041131925387c1aedc9e9512da0f66efe2fb68350ca3937f6715834e62e7c931c5dad0fc8bc3c6c0c3daedeff356d6feaac2e
- SSDEEP
  
  384:gQAInWKpEFFzpjq37oIOU6GHq33QPiu431VP:gxWTpOFagUb2qiu43P
Score

1^/10
behavioral13 behavioral14
- Target
  
  Office 2021/files/x64/msvcr100.dll
- Size
  
  809KB
- MD5
  
  df3ca8d16bded6a54977b30e66864d33
- SHA1
  
  b7b9349b33230c5b80886f5c1f0a42848661c883
- SHA256
  
  1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36
- SHA512
  
  951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0
- SSDEEP
  
  12288:3gzGPEett9Mw9HfBCddjMb2NQVmTW752fmyyKWeHQGokozS:QzJetPMw9HfBCrMb2Kc6ymyyKWewGzUS
Score

3^/10
behavioral15 behavioral16
- Target
  
  Office 2021/files/x86/cleanospp.exe
- Size
  
  17KB
- MD5
  
  5fd363d52d04ac200cd24f3bcc903200
- SHA1
  
  39ed8659e7ca16aaccb86def94ce6cec4c847dd6
- SHA256
  
  3fdefe2ad092a9a7fe0edf0ac4dc2de7e5b9ce6a0804f6511c06564194966cf9
- SHA512
  
  f8ea73b0cb0a90fac6032a54028c60119022173334e68db3fbd63fe173032dd3fc3b438678064edb8c63d4eceaa72990ce039819df3d547d7d7627ad2eee36b3
- SSDEEP
  
  192:Xdaz2FKIaphXuVX3uKny+gASTGWyQG0eJIL+uVl9tUDY5Kajjtl9w++zOzrPwaur:NbFuUOvAiG0gIVDKDYgmh02HPwzi3An
Score

1^/10
behavioral17 behavioral18
- Target
  
  Office 2021/files/x86/msvcr100.dll
- Size
  
  755KB
- MD5
  
  bf38660a9125935658cfa3e53fdc7d65
- SHA1
  
  0b51fb415ec89848f339f8989d323bea722bfd70
- SHA256
  
  60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa
- SHA512
  
  25f521ffe25a950d0f1a4de63b04cb62e2a3b0e72e7405799586913208bf8f8fa52aa34e96a9cc6ee47afcd41870f3aa0cd8289c53461d1b6e792d19b750c9a1
- SSDEEP
  
  12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
Score

3^/10
behavioral19 behavioral20

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Blocklisted process makes network request

Executes dropped EXE

UPX packed file

Checks computer location settings

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20