General

  • Target: 1word.doc
  • Size: 188KB
  • Sample: 240222-af81ssha2x
  • MD5: 349d13ca99ab03869548d75b99e5a1d0
  • SHA1: 1b3e94bd3bcc8b7a227c118c536a52bc90d81a90
  • SHA256: d34849e1c97f9e615b3a9b800ca1f11ed04a92b1014f55aa0158e3fffc22d78f
  • SHA512: d931b526e072b5b88285b50bf4f4dec8662827c97f2e14551469f7c2d70bb1e85a2ce80b4a843254b189aaebc90178297ec85d48b912b4d88c2ef3f1059cbaa3
  • SSDEEP: 3072:cv4tcTvjvTY140818tIP4ovpk2xTednwR:ftcnvE140o8tIP4apk+TednwR

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Source: URLs (exe.dropper)

Targets

    • Target: 1word.doc

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
