Resubmissions

  • 25/09/2024, 07:20    240925-h535vavgph    10

  • 25/09/2024, 07:17    240925-h4ee4ascpp    1

General

  • Target

    picturewithmegreatworksgoingtobefinewithgreatentirebusinessgoingonwithentirethingstobeonlinewithgreatthingshave_____happyfaceforme[1].doc

  • Size

    104KB

  • Sample

    240925-h535vavgph

  • MD5

    4f6f843e70d1f50e225cdefefd349575

  • SHA1

    5d88e13087c0ef5f37a263d3442b401d1068ae1c

  • SHA256

    d9fef06cc1cae0c066507535d616b87b8312038104b5097fd5bb91c039f894f1

  • SHA512

    3cbe07f9206dacce423db343bc41c055e0acb9612ed3d5e36876cdba75233f1e89ff4ccb78215eea4469c98a35b43055b5dde20ed08374e2c0f5ff1f05a72175

  • SSDEEP

    768:VVW4wVWbMLeiMUZEW4K+0AsnlXK0zTtYY1O:HW4LMLeUZEhKbAsnlXK0zTtYQO

Score
10/10

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs

    ps1.dropper: https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt

    exe.dropper: https://ia600100.us.archive.org/24/items/detah-note-v/DetahNoteV.txt

Targets

    • Target

      picturewithmegreatworksgoingtobefinewithgreatentirebusinessgoingonwithentirethingstobeonlinewithgreatthingshave_____happyfaceforme[1].doc

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide the display window.

    • Drops file in System32 directory
