c01116d214a52721cad93ed79028da369ae699819b29e39154b7684b666dd225 | Triage

Sharing

General

Target

c01116d214a52721cad93ed79028da369ae699819b29e39154b7684b666dd225
Size

129KB
Sample

241114-rzjzfsznb1
MD5

89be9f1a2a320fe1d33d74428a2cf9f8
SHA1

eef9615311899e866d1e973b449954ee0a887eee
SHA256

c01116d214a52721cad93ed79028da369ae699819b29e39154b7684b666dd225
SHA512

4ad44879007a84d0fba3e98bcfd4a930fcdd869f1c94793b8fd2c2abb5615fe6da157bdbd51f57209791cb32eeff2e826abd3b9240a0fd44b4000413fb702bee
SSDEEP

3072:hWwAAGhZLiku57RF0ohxf7I8Xo+Zzc6dK73A:6aRF0CrK73A

Score

10^/10

discovery execution macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://evgeniys.ru/sap-logs/D6/

exe.dropper

http://crownadvertising.ca/wp-includes/OxiAACCoic/

exe.dropper

https://cars-taxonomy.mywebartist.eu/-/BPCahsAFjwF/

exe.dropper

http://immoinvest.com.br/blog_old/wp-admin/luoT/

exe.dropper

https://yoho.love/wp-content/e4laFBDXIvYT6O/

exe.dropper

https://www.168801.xyz/wp-content/6J3CV4meLxvZP/

exe.dropper

https://www.pasionportufuturo.pe/wp-content/XUBS/

Targets

- Target
  
  06012c700c1dac4c122303e920fdf1c71c41e681673c241c9698e5766df275a8
- Size
  
  140KB
- MD5
  
  391dca4cf91ae12aa1b5ac9d0ac3ec41
- SHA1
  
  47cfcf587d838f68a8f8df53ea3afae475436992
- SHA256
  
  06012c700c1dac4c122303e920fdf1c71c41e681673c241c9698e5766df275a8
- SHA512
  
  de299156048c8cb81fe9a5e839442347d118b9de47b353500647a73d4b97f010dcef6d6eb3c7ee9b04874010efd0b9f3b8790f8f9013a47271528eaed1be0c41
- SSDEEP
  
  3072:hbcffUXwhJd0+y7ukYe4uYum1GdgOpVXGuhCUqDqwSm:BXw50+OukzVXV2uhDC9Sm
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2