Overview

overview

10

Static

static

8

11f85ab6d3...dd.xls

windows7-x64

10

11f85ab6d3...dd.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    11f85ab6d3af74687864ea0c2ab6131c0dd0a84854040bb04ed5425606b8fedd

  • Size

    122KB

  • Sample

    241119-x5tzha1aqc

  • MD5

    76aa4e1efa73db559fa8ede0f7782cce

  • SHA1

    24b771ab7c97890084ba0cee39fd797b5920c731

  • SHA256

    11f85ab6d3af74687864ea0c2ab6131c0dd0a84854040bb04ed5425606b8fedd

  • SHA512

    aa557bbc7d557ecfa55125693c15deb03f814580f04ba86e30883dae1b605109d1d75cf7fc232709b4c607425fb4f5470ab957e7188b20add18c382fcead7fa5

  • SSDEEP

    3072:/Oehv7q2Pjx45uoDGTj+5xtekEvi8/dgZBFoTLTmxW5WxVe+4YWsdiXUch1L:mehv7q2Pjx45uoDGTj+5xtFEvi8/dgZ8

Score
10/10
discoverymacromacro_on_action

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://midnightsilvercrafters.com/store/wBjNOUw/
exe.dropper

http://tempral.com/NATE_05_22_2009/BI710N4cQ6R3/
exe.dropper

https://redington.karmatechmediaworks.com/wp-content/3JVuVx7QUM/
exe.dropper

https://uhc.karmatechmediaworks.com/wp-content/0EqfdeznntlOpaIP2Qv/
exe.dropper

https://servilogic.net/b/14hqrdyP0Z3WsbQib8/
exe.dropper

https://comezmuhendislik.com/ljfrmm/VTpHRFWoORAHnRQ3aQL/
exe.dropper

http://webmail.glemedical.com/wp-content/J1M2xxodH/
exe.dropper

http://toto.karmatechmediaworks.com/wp-content/i826vbcVgRJ/
exe.dropper

https://golfpia.karmatechmediaworks.com/wp-content/oEicpDnEkk/
exe.dropper

https://fortiuspharma.com/y6krss/EGm347cqj5/
exe.dropper

https://garyjharris.com/cgi-bin/0hH/
exe.dropper

https://vietnam.karmatechmediaworks.com/wp-content/PfSVQagusZy7AaMw/
exe.dropper

https://vinculinc.karmatechmediaworks.com/wp-content/VlcOPPwgidWlXDJNs6/

Targets

    • Target

      11f85ab6d3af74687864ea0c2ab6131c0dd0a84854040bb04ed5425606b8fedd

    • Size

      122KB

    • MD5

      76aa4e1efa73db559fa8ede0f7782cce

    • SHA1

      24b771ab7c97890084ba0cee39fd797b5920c731

    • SHA256

      11f85ab6d3af74687864ea0c2ab6131c0dd0a84854040bb04ed5425606b8fedd

    • SHA512

      aa557bbc7d557ecfa55125693c15deb03f814580f04ba86e30883dae1b605109d1d75cf7fc232709b4c607425fb4f5470ab957e7188b20add18c382fcead7fa5

    • SSDEEP

      3072:/Oehv7q2Pjx45uoDGTj+5xtekEvi8/dgZBFoTLTmxW5WxVe+4YWsdiXUch1L:mehv7q2Pjx45uoDGTj+5xtFEvi8/dgZ8

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks