General

  • Target

    a903600e701a671c3eaaae0a24b8f3c8afdd16d0e831df015e92d7c6ad064b44

  • Size

    33KB

  • Sample

    240625-z2jepswdmr

  • MD5

    9848b661a2ad27dc17ade9acb24a9765

  • SHA1

    7099c664c44580f7432140a7f5768bdf40f0b6e6

  • SHA256

    a903600e701a671c3eaaae0a24b8f3c8afdd16d0e831df015e92d7c6ad064b44

  • SHA512

    92231e4e6bb84a3e256186ffd06f1d6c5c71f1c129d4da121278b48339b838750d6a7c101af8035ed05484033cab90511103c7b18eaacc267c156f2447d44b28

  • SSDEEP

    192:N24cZEvA+6/6rNavrgYjk+4bWlzEtsPXZJtxzpaJYacnVg0jlnotX6Yv9Bwgodac:0yiSwvxjk+tz2mJnpoBgVg0jmtFg

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (ps1.dropper)

    http://10.10.100.200/run64.ps1

Targets


    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates that the parent process was compromised via an exploit or a malicious macro.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
