General

  • Target

    NEAS.d022f27176c2d73d42400506762bb880.doc

  • Size

    91KB

  • Sample

    231105-zqjlbsce6y

  • MD5

    d022f27176c2d73d42400506762bb880

  • SHA1

    eec0e516f148cad711f6fa13f27c0b01dddaabf1

  • SHA256

    00d367f2d508dca3c01a99e8a34c853215681e92237ac092de6eddd15e79ac2c

  • SHA512

    7c66d75163d2ea7c40577b9c853aec658aa6fad8818168ae2f28bfcbaf40762d01726a41211d5e9cc49f5944c2a0bd2d4312fe88b8dc86de9d90bc77298b423a

  • SSDEEP

    1536:Docn1kp59gxBK85fBARjCTM4Yv54+a9k9:c41k/W48mjCgdR5

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://liarla.com/RqAjQLJlx

exe.dropper

http://espasat.com/1YbH45y

exe.dropper

http://latuconference.com/wp-content/uploads/vvl9XHG

exe.dropper

http://dirtyactionsports.com/vVgr4dva

exe.dropper

http://demign.com/PGT53cb

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
