f732728e76216d28cced692aa05429eb25f557a5fddbdad69f144398904c00ac | Triage

Submit
Reports

Overview

overview

Static

static

1

f732728e76...c.ppam

windows7-x64

f732728e76...c.ppam

windows10-2004-x64

Sharing

General

Target

f732728e76216d28cced692aa05429eb25f557a5fddbdad69f144398904c00ac.ppam
Size

8KB
Sample

240523-cpybrsab7x
MD5

4ea662f8506f3a68cb2b151b11e4b1f1
SHA1

44273c4f3c8a3ed1bdf66fb28627e066d20d65a5
SHA256

f732728e76216d28cced692aa05429eb25f557a5fddbdad69f144398904c00ac
SHA512

48f049e048019c56c4dad6c1a91f7e8db922190ba10fbe7fb918301012e2310b86c6fdba6267847322f56de2d299369b0ed2a52e235f51317fcb3bc1735cee71
SSDEEP

192:xrXP/fQTJKIWBawIlTdxLuNG4BIO1d99s0NpMoWV:dXPwTwIWcDTdLGIO33pM5

Score

10^/10

execution

Static task

static1

Behavioral task

behavioral1

Sample

f732728e76216d28cced692aa05429eb25f557a5fddbdad69f144398904c00ac.ppam

Resource

win7-20240221-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

f732728e76216d28cced692aa05429eb25f557a5fddbdad69f144398904c00ac.ppam

Resource

win10v2004-20240226-en

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://pt.textbin.net/download/x7sf6t2dgv

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://drive.google.com/uc?export=download&id=15ocCLsR2ZmidPwSBKFMdpMbEhO5YtYQ4

Targets

- Target
  
  f732728e76216d28cced692aa05429eb25f557a5fddbdad69f144398904c00ac.ppam
- Size
  
  8KB
- MD5
  
  4ea662f8506f3a68cb2b151b11e4b1f1
- SHA1
  
  44273c4f3c8a3ed1bdf66fb28627e066d20d65a5
- SHA256
  
  f732728e76216d28cced692aa05429eb25f557a5fddbdad69f144398904c00ac
- SHA512
  
  48f049e048019c56c4dad6c1a91f7e8db922190ba10fbe7fb918301012e2310b86c6fdba6267847322f56de2d299369b0ed2a52e235f51317fcb3bc1735cee71
- SSDEEP
  
  192:xrXP/fQTJKIWBawIlTdxLuNG4BIO1d99s0NpMoWV:dXPwTwIWcDTdLGIO33pM5
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy