General

  • Target

    SecuriteInfo.com.Exploit.CVE-2017-11882.123.18888.15372.rtf

  • Size

    79KB

  • Sample

    240903-mc32latfqp

  • MD5

    c7c92e5b818f1f959604d147d1676615

  • SHA1

    1b1ac7cab7550481bd41132a1a87c1ddb92e06a7

  • SHA256

    575c18f18dcf79e109cdfe499056f7300f650306a65ddbe29375fb33d1fe3128

  • SHA512

    b9babc906754eb30256d8cb5eecece21e1500a2fefa06e08bae6780e189f8ef229efcb838c38a0a78c27516ad3679be9a7541e5beb4fa61628a862dc0f92ca98

  • SSDEEP

    384:YXGFCROdo6gBHn0jCkPv9zaznre4JMMlmjKsAPIrTo7jMU:YXPRWgRc9+feghqAPIvGjMU

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

    exe.dropper

    https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

Targets

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • Drops file in System32 directory
