Overview

overview

10

Static

static

1

niceperson...st.rtf

windows7-x64

10

niceperson...st.rtf

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    nicepersonforeverybodylovethepersontogetmebackwithentirebeautifuldaysgivenmesuchagoodthingstounderstandhowmuchnicegirlriendgood.doc

  • Size

    83KB

  • Sample

    240920-vt1a2axfpc

  • MD5

    6584d78630c4842b775ead6ce3010211

  • SHA1

    91b34cb911ffe4a2e8bdfd16a1411276de11e923

  • SHA256

    24c3c8fc3a0420632056016cba54ad89e88b294ae3d3466b8727098fb74d5258

  • SHA512

    93aa8779e4f27233620aeea38abd43d179c99d7e2aa5222d221d075835f903075d916e9726f42738fd2d18b8c24d610d54b69d0969ad5352b29a860ce585f06f

  • SSDEEP

    768:AcmtHKW1Z3bNhsfbAYTDHrsaSHo1i9q/jud:Acm9BLjbOj1ig/6d

Score
10/10
discoveryexecution

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt
exe.dropper

https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt

Targets

    • Target

      nicepersonforeverybodylovethepersontogetmebackwithentirebeautifuldaysgivenmesuchagoodthingstounderstandhowmuchnicegirlriendgood.doc

    • Size

      83KB

    • MD5

      6584d78630c4842b775ead6ce3010211

    • SHA1

      91b34cb911ffe4a2e8bdfd16a1411276de11e923

    • SHA256

      24c3c8fc3a0420632056016cba54ad89e88b294ae3d3466b8727098fb74d5258

    • SHA512

      93aa8779e4f27233620aeea38abd43d179c99d7e2aa5222d221d075835f903075d916e9726f42738fd2d18b8c24d610d54b69d0969ad5352b29a860ce585f06f

    • SSDEEP

      768:AcmtHKW1Z3bNhsfbAYTDHrsaSHo1i9q/jud:Acm9BLjbOj1ig/6d

    Score
    10/10
    discoveryexecution

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks