31046cbfa8c6364855b43d999a13c67fc72ef56de93a2d0dc5de23fdfb16f923 | Triage

Submit
Reports

Overview

overview

Static

static

8

31046cbfa8...23.doc

windows7-x64

31046cbfa8...23.doc

windows10-2004-x64

Sharing

General

Target

31046cbfa8c6364855b43d999a13c67fc72ef56de93a2d0dc5de23fdfb16f923
Size

110KB
Sample

240710-z1tjaazfpn
MD5

779769658592b517ac94754b2e1440e0
SHA1

267ad7195a092fd012c5f7e7bead95ef4628d3cb
SHA256

31046cbfa8c6364855b43d999a13c67fc72ef56de93a2d0dc5de23fdfb16f923
SHA512

3806f137ce0546814c8ec2fa5f4383893547431fa63c9d8416094c7eaecd188f40361099c68278e3cc0924b1c73d3f7fa3971eb6e1a08fc4b3601187b551bf84
SSDEEP

1536:d9ITuk/hms5bEb+FtYuvck3fu6Va8KefAQGQ2ZiYxXJXs:d9MV/XI+FtTvcAU0STi85s

Score

10^/10

execution macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

31046cbfa8c6364855b43d999a13c67fc72ef56de93a2d0dc5de23fdfb16f923.doc

Resource

win7-20240704-en

windows7-x64

9 signatures

60 seconds

Behavioral task

behavioral2

Sample

31046cbfa8c6364855b43d999a13c67fc72ef56de93a2d0dc5de23fdfb16f923.doc

Resource

win10v2004-20240709-en

windows10-2004-x64

9 signatures

60 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://w2afipbza0zj.pw/blog/wnx0bykhutp2.exe

Targets

- Target
  
  31046cbfa8c6364855b43d999a13c67fc72ef56de93a2d0dc5de23fdfb16f923
- Size
  
  110KB
- MD5
  
  779769658592b517ac94754b2e1440e0
- SHA1
  
  267ad7195a092fd012c5f7e7bead95ef4628d3cb
- SHA256
  
  31046cbfa8c6364855b43d999a13c67fc72ef56de93a2d0dc5de23fdfb16f923
- SHA512
  
  3806f137ce0546814c8ec2fa5f4383893547431fa63c9d8416094c7eaecd188f40361099c68278e3cc0924b1c73d3f7fa3971eb6e1a08fc4b3601187b551bf84
- SSDEEP
  
  1536:d9ITuk/hms5bEb+FtYuvck3fu6Va8KefAQGQ2ZiYxXJXs:d9MV/XI+FtTvcAU0STi85s
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

© 2018-2024

Terms | Privacy