General

  • Target

    PTD080120ZGO082920.doc

  • Size

    223KB

  • Sample

    240920-dr2bwawelq

  • MD5

    21b3a9b03027779dc3070481a468b211

  • SHA1

    6cbaadce0d5e96e9183d01363e26ea7fe8c6cc62

  • SHA256

    7dc9821a27cbc29bddb4bb3c708aad0b24a82d9beb1a2df9caeabf7ea6bd8e06

  • SHA512

    1b2146c0c83cdb7e438465225d7b10813ccf47ee37bc9b13ec6a1572c56f494359a7252218262a0003ab5cf820ab69baf67ba48bf60b448e65ffca0388a98b71

  • SSDEEP

    3072:P7Yy0u8YGgjv+ZvchmkHcI/o1/Vb6//////////////////////////////////E:10uXnWFchmmcI/o1/NO5j4nwKz7Oc

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

Targets

    • Target

      PTD080120ZGO082920.doc

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks