General

  • Target

    2e46c6976dc0053fc0c482548460958df20ccf76fe61f41202ed0fa7c5726155

  • Size

    206KB

  • Sample

    241113-j8zghaybnc

  • MD5

    d4aa61eba5ee0542cb5379181bd30adf

  • SHA1

    91d17360f6a39c946bc7073f42c80ff7c125c5f3

  • SHA256

    2e46c6976dc0053fc0c482548460958df20ccf76fe61f41202ed0fa7c5726155

  • SHA512

    9da6cf0459b4cdfd03d3d073df008d64d7c2d413040e921d854b0335f8a76bf9e6434896097ac58a31067e4dee6c2b0b1f8906eb3bd7c8c2baa3c6d9e468adc3

  • SSDEEP

    6144:dN2k4DtGiL3HJk9RD7b75nEZAe9ohV7W0:dNiQitk77b9EZH94V7W0

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    exe.dropper  http://pcms.bridgeimprex.com/zAqMf/
    exe.dropper  http://test.a1enterprise.com/jxl/xo/
    exe.dropper  http://app.bridgeimpex.org/img/H4sNbg51/
    exe.dropper  http://a1enterprises.com/wp-content/BpOszbMoI/
    exe.dropper  http://isabella.makeyourselfelaborate.com/wp-admin/u19xl/

Targets

    • Target

      2e46c6976dc0053fc0c482548460958df20ccf76fe61f41202ed0fa7c5726155

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks