15723c9ed5323a6dc5b7a407c37000456bff531f06bd9e7732278eb518445547 | Triage

Sharing

General

Target

15723c9ed5323a6dc5b7a407c37000456bff531f06bd9e7732278eb518445547.doc
Size

114KB
Sample

241030-cjl2jsthpa
MD5

6fe3c24853e9de94688a2311999ba946
SHA1

c4383b6caefcb3050ee009394ed1ae07c4f8fd6e
SHA256

15723c9ed5323a6dc5b7a407c37000456bff531f06bd9e7732278eb518445547
SHA512

a1b12f0e1a44d7743d6159f71ab116c8b9e8499cb2d52bc8d1ae3e9f6bc91c3f16788c9be5526052f6bb23b65ceb730a9a46fa2ccd07de05dc30d51f7e9e81a3
SSDEEP

768:u+e7d8wnZX6sQ1j3ArcSGCTl4JkwHKTZ/rR7APQ8c:J/wnZ9Q1UrJWHaFAPQ3

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

exe.dropper

https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

Targets

- Target
  
  15723c9ed5323a6dc5b7a407c37000456bff531f06bd9e7732278eb518445547.doc
- Size
  
  114KB
- MD5
  
  6fe3c24853e9de94688a2311999ba946
- SHA1
  
  c4383b6caefcb3050ee009394ed1ae07c4f8fd6e
- SHA256
  
  15723c9ed5323a6dc5b7a407c37000456bff531f06bd9e7732278eb518445547
- SHA512
  
  a1b12f0e1a44d7743d6159f71ab116c8b9e8499cb2d52bc8d1ae3e9f6bc91c3f16788c9be5526052f6bb23b65ceb730a9a46fa2ccd07de05dc30d51f7e9e81a3
- SSDEEP
  
  768:u+e7d8wnZX6sQ1j3ArcSGCTl4JkwHKTZ/rR7APQ8c:J/wnZ9Q1UrJWHaFAPQ3
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2