f9061982b077c8c84ea6c818f2cc4e3253f86e063198ab5ee5e6243d2ac530b4 | Triage

Sharing

General

Target

D.zip
Size

40KB
Sample

230425-nektgaaa94
MD5

cebd4769e7524f4864a3cda3d60de4c6
SHA1

ee604eb46005a4128b0b9adba4294312cd6536f1
SHA256

f9061982b077c8c84ea6c818f2cc4e3253f86e063198ab5ee5e6243d2ac530b4
SHA512

bebfc9461872b9736503acd61be04c3746e2d1df960239b2d2af29f2088125a84caa3c0b1c64957d4f0cdb07196d353111e99827b85d115d08410f36087543fd
SSDEEP

768:skFNCbfc6wvZrR+60vZcnpMBg1ctXJa9LDR33RhAh3DVevMN3/Go4+gbZ:sKNWf2n+lcuBg1cRJa9LDR3zYES3eo49

Score

10^/10

Malware Config

Targets

- Target
  
  F280.wsf
- Size
  
  90KB
- MD5
  
  9da299ca72f63ef554703fd57c507984
- SHA1
  
  67e9fd1fcd0bf7131388e2c756eb9e301000dfc6
- SHA256
  
  a71f012d743644762cb6c2aad061dfd019a9dcbade25b060a38215739b164426
- SHA512
  
  b4534e6ae5f1a04f483a4dfd2d43c71cc72f00dc0732d67f7f5175de47909e99ced4c8140fbc1fc5f1b539826d7eeeb6de1e633cf70b2bfc817324d19b5103d0
- SSDEEP
  
  1536:lKYw0WpifXl3DbqhbSJjrRgV+G6r717K+f1VdueRRXVRA6U49rZxWJ:LZWkXBbjmer7Y+frgeTVRw49U
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2