General

  • Target

    ab6a233f41353b78344e40ea3facd999ab2c8a1de661195303689a8623a2fc01.doc

  • Size

    369KB

  • Sample

    240822-mndk3ssbmc

  • MD5

    86ddddd33810e007512f0229b24be0bc

  • SHA1

    e81d9b9a0460495fec9262e6e27392a8d0ef8f27

  • SHA256

    ab6a233f41353b78344e40ea3facd999ab2c8a1de661195303689a8623a2fc01

  • SHA512

    4321ef749f9de8571540f20afc9ba7b4b033c20180d082bf31817dec72274e7989fbadc9cb6491371926e9b5efa4b874da60e64278eaa8127fb8daa05ce88aa3

  • SSDEEP

    6144:BjyKL7thxW6C6rELBvzNEfGi1od8dyLj5y7SYtYuep9danlYOU5lMpm1DfLi/CJ:YKL7P86CdvzNEfGi1G5kz2uuAlYOUlAC

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

exe.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

Targets

    • Target

      ab6a233f41353b78344e40ea3facd999ab2c8a1de661195303689a8623a2fc01.doc


    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • Abuses OpenXML format to download file from external location

    • Drops file in System32 directory
