General

  • Target

    E4_INV_pd0622463.doc

  • Size

    206KB

  • Sample

    230328-rzj98abe99

  • MD5

    99a96323e20fc70cef855547068e34ba

  • SHA1

    98d4e8a4dacc02e9a64afbcc638631894f97dfaa

  • SHA256

    e67a24ae89683460405b6f1ecbac115fc549588234ccf8fcc34a174e9b179502

  • SHA512

    5eaa28a4ab909ae3816afc43f68a28891d460ae1db184955b157767e8029f3d34178e8a2721d0e89ed52e79540043fa5ec87773a38e19a3c7e8635f84392521c

  • SSDEEP

    1536:3QBLceqLDr80L1lKugpEWoKtMH1Ky2ccCEIOVFzwquIi0OymgBGvhY61LqB8T6IJ:ABLcXHr80sM7AI0OquZSm5vhYBjIGYD

Score
10/10

Malware Config

Extracted

Language: ps1

Deobfuscated

URLs

  • exe.dropper

    http://gamaes.shop/wp-content/plugins/sSTToaEwCG5VASw/

  • exe.dropper

    http://newsaarctech.com/wp-content/Sx9tvV5/

  • exe.dropper

    http://www.fizik.tv.tr/ex/mlFHNKb9x/

  • exe.dropper

    https://shopallcars.com/node_modules/dXF0W/

  • exe.dropper

    https://infohybrid.com/assets/Lq5vllPN/

  • exe.dropper

    http://fse.in.ua/layouts/WMIxdId0bHiS/GnfihOVGqjmsWPJg4/

Targets

    • Target

      E4_INV_pd0622463.doc

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2
