b7eb625981dd8cc620af32cef8fca1814dbf6d2b853d90c3ed00327d165c5af7 | Triage

Submit
Reports

Overview

overview

Static

static

1

30092024_2...t.docx

windows7-x64

30092024_2...t.docx

windows10-2004-x64

1

Sharing

General

Target

30092024_2248_30092024_Material list.docx
Size

770KB
Sample

240930-2q56fasgmd
MD5

b9ca7824b0cf46ce04ce56e14909efb4
SHA1

20176f284724f65abd77176d3c67633f4584f2b5
SHA256

b7eb625981dd8cc620af32cef8fca1814dbf6d2b853d90c3ed00327d165c5af7
SHA512

e4a9e5dd909fc4724748189adf904b35e52e486700e2471f958857478a4be06877f1efa871038402836416054097dfe63a9b53e9e9eea5d8d1ae32b336430dc9
SSDEEP

12288:JNC5JClLMC5cGm0LpsjYJ46gvycWL5c7PasQB2i4MYJv/u8QdyAxd6mzoGfyS2EC:JACluL0CjY7EDWQisQB2tXuFdyZGh2EC

Score

10^/10

discovery execution

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

30092024_2248_30092024_Material list.docx

Resource

win7-20240903-en

discovery execution

windows7-x64

15 signatures

300 seconds

Behavioral task

behavioral2

Sample

30092024_2248_30092024_Material list.docx

Resource

win10v2004-20240802-en

windows10-2004-x64

8 signatures

300 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt

exe.dropper

https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt

Targets

- Target
  
  30092024_2248_30092024_Material list.docx
- Size
  
  770KB
- MD5
  
  b9ca7824b0cf46ce04ce56e14909efb4
- SHA1
  
  20176f284724f65abd77176d3c67633f4584f2b5
- SHA256
  
  b7eb625981dd8cc620af32cef8fca1814dbf6d2b853d90c3ed00327d165c5af7
- SHA512
  
  e4a9e5dd909fc4724748189adf904b35e52e486700e2471f958857478a4be06877f1efa871038402836416054097dfe63a9b53e9e9eea5d8d1ae32b336430dc9
- SSDEEP
  
  12288:JNC5JClLMC5cGm0LpsjYJ46gvycWL5c7PasQB2i4MYJv/u8QdyAxd6mzoGfyS2EC:JACluL0CjY7EDWQisQB2tXuFdyZGh2EC
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Abuses OpenXML format to download file from external location
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

© 2018-2025

Terms | Privacy