General

  • Target: 351c3a50af2ad8170fe08c58d2c8a4b3f953e459291d1304efe966d292387a7c
  • Size: 49KB
  • Sample: 240520-gevv4seb22
  • MD5: 5d6c6d1add2c6354c6dbe2c6b1c62434
  • SHA1: e544b80160dea1980b1a85934d8665ea02df9534
  • SHA256: 351c3a50af2ad8170fe08c58d2c8a4b3f953e459291d1304efe966d292387a7c
  • SHA512: 1471dc3d8302423f8daf431cb70cf49609cac3de05d87a6f7485088b494b162167440f650e19a8601a64502a6ee4dfb5800b28a8344c3c7316766861edcb2118
  • SSDEEP: 1536:tvuQFIy5URkoePQHI2rtvsL5JMuBrqZO7WKB67Clh:1uQFl5+lsQHdrRe5JMUrPqKB67w

Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs
    • exe.dropper: http://uhlandstrasse.de/67Vl28/
    • exe.dropper: http://muzykomani.pl/lenqx/
    • exe.dropper: http://slytec.com/0FzJB/
    • exe.dropper: http://smpadvance.com/fHOIVS2/

Targets

    • Target: 82b065a48e969eb0200449e104f0b8a6
    • Size: 106KB
    • MD5: 82b065a48e969eb0200449e104f0b8a6
    • SHA1: 678dae65881def594b5c68d305d23194565d1753
    • SHA256: 71dabd0339fa65620cf867e4cd921620242f26305673ec15658e7cabf1b127b1
    • SHA512: 864f5bc0b07f252c66ad06933b9701c5fb16c9043caac61907bd8b4322ecc08ede6d21e393c6a6d6335760a821656807ee2fa4963246d35a0cd0c34fd1b3435a
    • SSDEEP: 1536:PwddNwTeLbS7vXRGzFQ+aggx9Gg2SuidngdAbHVJEO3xvU:mCeLmTX7x9Gg2SZdnPTXEmxv

    Score: 10/10

    Signatures
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

MITRE ATT&CK Enterprise v15

Tasks