General

  • Target

    392cf532a59be6666f115ba88be6f0d8b06d693efa9df7c7a7a064a91036e728.zip

  • Size

    47KB

  • Sample

    230319-l37a9saa31

  • MD5

    bf7146e7658d3cc55ae5e83b3aa06f60

  • SHA1

    2f55350816f4946d7dff8e1cc84cfb2354bd6283

  • SHA256

    71bd333ec746fde9a59e2c6b08220f06eb2dbe386a47aedc183e84b0787ad5d2

  • SHA512

    688ef373ad8ee5d38d40505f8a8c8a10574f0aa102e0266bab669f81b6a517d0bf63aa58bdbd8dac66334e95c545a9ded1ca90f9cae84f6e8545f141b1840821

  • SSDEEP

    768:YbxviYjBYTLqpRsb11MJX7MqvTro8Kj+8L3MWR+pv30/zLE+c2rnNG7E:gx6wBYqc5ioq3XKj+GMWwB30/cUNGA

Score
10/10

Malware Config

Extracted

Language: ps1
Deobfuscated

URLs

exe.dropper

http://liarla.com/RqAjQLJlx

exe.dropper

http://espasat.com/1YbH45y

exe.dropper

http://latuconference.com/wp-content/uploads/vvl9XHG

exe.dropper

http://dirtyactionsports.com/vVgr4dva

exe.dropper

http://demign.com/PGT53cb

Targets

    • Target

      392cf532a59be6666f115ba88be6f0d8b06d693efa9df7c7a7a064a91036e728

    • Size

      91KB

    • MD5

      72a9e07df484abded0ea6d59ff4ab59d

    • SHA1

      579c684ddef4753db317daf110040cdbeacefa29

    • SHA256

      392cf532a59be6666f115ba88be6f0d8b06d693efa9df7c7a7a064a91036e728

    • SHA512

      2617f5c93137c7879a1e7a48333fe38a0a30e8e6cd90d341874a006e02b98c26e93efe7286441deedb5736484bbe9ae4c79666b2c13d47a536e80bfe98b59f5e

    • SSDEEP

      1536:Docn1kp59gxBK85fBARjCTM4Yv54+a9kX:c41k/W48mjCgdRb

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
