e5e10a688f23d31fe192174a2502c35793c4edac8b18697e031fd45185abb351 | Triage

Sharing

General

Target

e5e10a688f23d31fe192174a2502c35793c4edac8b18697e031fd45185abb351
Size

72KB
Sample

241119-npdsxavpcv
MD5

d59daa1feb1c74686edb2f339d9cd8f6
SHA1

d74f3b43446159836033398232938d708a415bfd
SHA256

e5e10a688f23d31fe192174a2502c35793c4edac8b18697e031fd45185abb351
SHA512

30f2828d1846e0365bd4cdf9442c8fcc4298a0c0d18a12103e7c70137b550f57e87f48db9431d4bd3e03acf334659c18629f9db529ffacd85fcac444841b07bf
SSDEEP

1536:/DMeDPY5C6OJsdBpZWwBJYg5DshBAvWL1LQ6xrtk:/4eDPY5CTsdAwBmg5DshBAvW1zC

Score

10^/10

discovery execution macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://masseyatnandina.com/wp-content/ys44/

exe.dropper

http://pickpointgarage.com/protected-array/zb1k8/

exe.dropper

http://evolvedself.com/dir/523arw979/

exe.dropper

http://www.eruquantum.com/scripts/t647/

exe.dropper

http://stlaurentpro.com/25bd/a49/

Targets

- Target
  
  e5e10a688f23d31fe192174a2502c35793c4edac8b18697e031fd45185abb351
- Size
  
  72KB
- MD5
  
  d59daa1feb1c74686edb2f339d9cd8f6
- SHA1
  
  d74f3b43446159836033398232938d708a415bfd
- SHA256
  
  e5e10a688f23d31fe192174a2502c35793c4edac8b18697e031fd45185abb351
- SHA512
  
  30f2828d1846e0365bd4cdf9442c8fcc4298a0c0d18a12103e7c70137b550f57e87f48db9431d4bd3e03acf334659c18629f9db529ffacd85fcac444841b07bf
- SSDEEP
  
  1536:/DMeDPY5C6OJsdBpZWwBJYg5DshBAvWL1LQ6xrtk:/4eDPY5CTsdAwBmg5DshBAvW1zC
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2