ac8bdc073f9b3f0ac30aaa7527b75171c600d1ccf1e8da9e1ab05f879503d576

General

Target

ac8bdc073f9b3f0ac30aaa7527b75171c600d1ccf1e8da9e1ab05f879503d576
Size

11.7MB
Sample

240605-sx3jfsbf79
MD5

0682a05b056026c957fdcdb15e3b3485
SHA1

422091a97fdc01609ad2f8c62c2e5c03bfe2321f
SHA256

ac8bdc073f9b3f0ac30aaa7527b75171c600d1ccf1e8da9e1ab05f879503d576
SHA512

c03986fc3d592ba603141b0a2cd80ea9dd4cf1b461b930bfa5a6ccad334993e014dbf4231cbceba13c69df11f91bdad71df7748e370b906d26d4dc0acb36552e
SSDEEP

196608:Wrdl7qC/fCAmEAHgVXPhu7/GvD6erN0jQ061836sxMQ37oVH+Ce4pDhoGCk:Wrd0C/zFcgV5kG+CyQO366BcVeeJ

Score

10^/10

execution upx

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://officecdn.microsoft.com/db/ea4a4090-de26-49d7-93c1-91bff9e53fc3/Office/Data/v32.cab

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://mrodevicemgr.officeapps.live.com/mrodevicemgrsvc/api/v2/C2RReleaseData

Targets

- Target
  
  ac8bdc073f9b3f0ac30aaa7527b75171c600d1ccf1e8da9e1ab05f879503d576
- Size
  
  11.7MB
- MD5
  
  0682a05b056026c957fdcdb15e3b3485
- SHA1
  
  422091a97fdc01609ad2f8c62c2e5c03bfe2321f
- SHA256
  
  ac8bdc073f9b3f0ac30aaa7527b75171c600d1ccf1e8da9e1ab05f879503d576
- SHA512
  
  c03986fc3d592ba603141b0a2cd80ea9dd4cf1b461b930bfa5a6ccad334993e014dbf4231cbceba13c69df11f91bdad71df7748e370b906d26d4dc0acb36552e
- SSDEEP
  
  196608:Wrdl7qC/fCAmEAHgVXPhu7/GvD6erN0jQ061836sxMQ37oVH+Ce4pDhoGCk:Wrd0C/zFcgV5kG+CyQO366BcVeeJ
Score

10^/10

execution upx
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

PowerShell

1

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2