General

  • Target

    top.ppa

  • Size

    107KB

  • Sample

    230424-mkbmbach6s

  • MD5

    ce4c22fb1f1d83002fdb009744fc1b89

  • SHA1

    5c07aa807a91f10466116398b1229a21e717b577

  • SHA256

    125d1d308f8413f06a1b3de8537f7aa5d7d1951c97b8e5229d14367eb05b325a

  • SHA512

    994813803016204719dca6091b7817c649488490e5bbb1531a12b2c3fac973e01d17358da3f2ad9d4f8ed0fdb97aa4a5dcf986e93e137ab87fd6e49310760712

  • SSDEEP

    768:zLnjq8i2s5xgumn7PWY7k75SMkG9XEut6DqQ2TOG:HG8Ds5WJnygk/9XgDqQ2

Score
10/10

Malware Config

Extracted

Language: ps1
Deobfuscated
URLs (exe.dropper):

https://i.top4top.io/p_1644x1sq02.jpg

Extracted

Language: ps1
Deobfuscated
URLs (exe.dropper):

https://h.top4top.io/p_1644ilib41.jpg

Targets

    • Target

      top.ppa

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
