General

  • Target

    DOC-1024047857539219.doc

  • Size

    141KB

  • Sample

    240920-1699na1flm

  • MD5

    f05b51ff62b8a936a9ae9fb42de0e2d7

  • SHA1

    07bd71cc74e6cc9ac32994ffb2f5f2c17312e45c

  • SHA256

    37b56acca434a4704378c5031e26566096282c346b3ea37fc2390f7ff4ceb1b8

  • SHA512

    9d7c0951aefd793b110486f32763907e77be80af2a479d2228665cf4dd286976c4bfdc5af423965c1e3e281061e359c6dc72985c463cd29d5c7f7e605a77b66e

  • SSDEEP

    1536:6681ooMDS034nC54nZrL4AkiuAMOkEEW/yEbzvadf+a98fkS03osuxtiPxFYPay:38GhDS0o9zTGOZD6EbzCdsaRMQy

Score
10/10

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (exe.dropper)

    http://twilm.com/IsvlxHU

    http://kawahrengganis.com/dNCOd9BFwP

    http://bnicl.net/JIN1P3qE7T

    http://dev.yajur.com/pVc0MkrUF

    http://hellodev.efront-dev.com.au/kDx1GRbOo8

Targets

    • Target

      DOC-1024047857539219.doc

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.
