General

  • Target

    DHL-LHER0006981753.docx

  • Size

    30KB

  • Sample

    240125-jqa17abeb9

  • MD5

    fb090bb6f92f0ad0f0ab27cdf57db31e

  • SHA1

    4b2da628635bd8244665663c61afe7a42f3a7c7e

  • SHA256

    fe66fb963813344af4305faaa4d3ced1390047228dcac18693c9b95ab88ee353

  • SHA512

    c4bd06cfce4ea894c26b521f6ea1a118ede1688632cae58f010c4170dd5f895825db5e6004f2f3de6cadb2160a93cbf3839f512bf399546d3dbab049590eeb87

  • SSDEEP

    768:fDmmamuFze6jTomfsRYKiAMx9Xg0mpBJGXspi:9n+66ICYYek9Xm16

Score
10/10

Malware Config

  • Extracted

    Language: ps1 (deobfuscated)

  • URLs

    ps1.dropper: https://wallpapercave.com/uwp/uwp4241942.png

    exe.dropper: https://wallpapercave.com/uwp/uwp4241942.png

Targets

    • Target

      DHL-LHER0006981753.docx

    Score
    10/10

    • Blocklisted process makes network request

    • Abuses OpenXML format to download file from external location

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15