General

  • Target: sample.doc
  • Size: 68KB
  • Sample: 230508-mjjljabh9t
  • MD5: b8ec7d16acf6131c28a1f339dab3fee0
  • SHA1: a6e15e55eeee5e652a11cfbce701e55c0cfddaae
  • SHA256: 188b4e00fb268101935d345bb3a0b55e2141db18a8b438f90d37a7645b48dea3
  • SHA512: af71825f8c76e1633c8ad1a84fa9925e0ee30923bb848a03f8c9aa44424bb61b09da08bd37a4a23ff2e3abed5d338c8dd0b2a124e59e3436b35449a2001d1083
  • SSDEEP: 1536:ADMemeY5C6OJsdBpZWo2at64mSR6kfxrtl:A4emeY5CTsdAzNSR6kJz

Score: 10/10

Malware Config

Extracted

  • Language: ps1 (deobfuscated)
  • URLs:
    • exe.dropper: http://folckwanderers.com/wp-includes/t673/
    • exe.dropper: http://norikkon.com/administrator/020/
    • exe.dropper: http://compworldinc.com/browse/70676/
    • exe.dropper: http://freelancedigitales.com/keo/ekb98m90542/
    • exe.dropper: http://purviitech.com/111/dtl227/

Targets

    Score: 10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Drops file in System32 directory
