General

  • Target

    SecuriteInfo.com.Exploit.CVE-2017-11882.123.25336.18229.rtf

  • Size

    87KB

  • Sample

    240821-phra4ayaja

  • MD5

    7d3b215b98532e8570e22f353da4223e

  • SHA1

    004b80efe852e998a9ec7c67cf524d5abb660d1c

  • SHA256

    098bfe7ab9c2ca61fc488b0e9751adc098330485b49023852a3fcccace8a227f

  • SHA512

    49f9ef28d030c16cf5035f4a9fadecb385e37603093b3d6c6a871b8dcab3f23ae068e1f19fd38b8a62946eaf77cff8fd8f428a73fb7e90f09b74a64a9d8f0f64

  • SSDEEP

    384:TyfLh3m+7oZ5xgLn4LwP/sluJJxoMTtPNmZYjCYnXPKl:2fLtm+I7AzD1mOCYnfKl

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

exe.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

Targets

    • Target

      SecuriteInfo.com.Exploit.CVE-2017-11882.123.25336.18229.rtf

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
