7b18ff94d9843443828f7472ed3e4b7f3f2ccb36ef347622ec756c601a3e494c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7b18ff94d9843443828f7472ed3e4b7f3f2ccb36ef347622ec756c601a3e494c
Size

315KB
Sample

240925-sawsds1fkq
MD5

f6391ded69fe81779e75c66c4e06fdbc
SHA1

a1f97222f7fcf91f52afeeb760ed037bce498fd3
SHA256

7b18ff94d9843443828f7472ed3e4b7f3f2ccb36ef347622ec756c601a3e494c
SHA512

d83073afd81b8ca91e2408018ffd4e113576ca43f774fb52a48010ebe2b61aa81715fd903ae5d1eb7e69de209d4fb798360277c9a02831334375676506586731
SSDEEP

6144:v8gG5/BnVfRFJ7KK9aHScdX9znGUhYNpuKCxx6dj:v2n9R/lA5dX9znGUiNrdj

Score

10^/10

discovery macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://81.56.198.200/vzDYQ0vT

exe.dropper

http://sosh47.citycheb.ru/Epe9RyrbX

exe.dropper

http://thptngochoi.edu.vn/3X1Gc99SU

exe.dropper

http://fit-school.ru/zCBKJesoEs

exe.dropper

http://diaocthiennam.vn/tcD61klP

Targets

- Target
  
  Dokumentenkopie-84150054-190221
- Size
  
  277KB
- MD5
  
  582ee4846834a26ebc4fd15c845e5c85
- SHA1
  
  bb3bb4f1fb4930272c9b036716762d1c3b10ce20
- SHA256
  
  0a430c521e0b67b41fe962570eddc2f391c29bc0d9b688b2a35c834cd08a58ae
- SHA512
  
  9ac0ec1b3f50abad790cc88de42e20b72182849e02eaf0f28e63c3221029a89e2144daa33fff8358bfd49d4495fd7444a1ae87e5d257ff93345590e54f239f87
- SSDEEP
  
  6144:XG5/BnVfRFJ7KK9aHScdX9znGUhYNpuKCxx6djQ:X2n9R/lA5dX9znGUiNrdjQ
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2