General

  • Target

    a061393835489399258b473ba4af1a60e6ff388c71a171d45fe29cbc76515220

  • Size

    182KB

  • Sample

    241119-wvgqrazbkg

  • MD5

    f5a5c65b1e3140636198e79fff9c5667

  • SHA1

    a80b0616fd290ca37706c6a3b1ffc99a71583206

  • SHA256

    a061393835489399258b473ba4af1a60e6ff388c71a171d45fe29cbc76515220

  • SHA512

    1f6cc4d668b8b01da42d0d1263e502e28c8e83dcbf9de21a9fcf7ef7203874d02c1e6aed718a41a4ab1c65f9cd479ff13cfda0e2a187c8df820e13d9e67b0e13

  • SSDEEP

    3072:9Nz2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUdasiv8OP7F:9Nz2k4PF7tGiL3HJk9rD7bdasiv86J

Malware Config

Extracted

Language
ps1

Deobfuscated

URLs

  • exe.dropper: http://diwafashions.com/wp-admin/mqau6/
  • exe.dropper: http://designers.hotcom-web.com/ubkskw29clek/qnpm1p/
  • exe.dropper: http://dixartcontractors.com/cgi-bin/nnuv/
  • exe.dropper: http://diaspotv.info/wordpress/G/
  • exe.dropper: http://easyvisaoverseas.com/cgi-bin/v/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15