4da5d6faa650f5c7553a4152c9461b40321414042e9410a3b5aa76befda4a973 | Triage

Sharing

General

Target

4da5d6faa650f5c7553a4152c9461b40321414042e9410a3b5aa76befda4a973
Size

207KB
Sample

241119-xmt7jsvpbj
MD5

7dda0f177751d4ebe292ccad3420a4c4
SHA1

c2d12949c77486ff42cdeced7b4423cc7dec1cb9
SHA256

4da5d6faa650f5c7553a4152c9461b40321414042e9410a3b5aa76befda4a973
SHA512

20493fdade30212ff8bd52196ca9268c3edaae82200e44a82c383f544ce29598011934c49718b063ef1cd2ff15bd7c6347a5d9b363c37d68a6f77615283cfccc
SSDEEP

6144:+r2k4DtGiL3HJk9RD7bK5nEZAe9ohV7WU:+riQitk77bMEZH94V7WU

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://pcms.bridgeimprex.com/zAqMf/

exe.dropper

http://test.a1enterprise.com/jxl/xo/

exe.dropper

http://app.bridgeimpex.org/img/H4sNbg51/

exe.dropper

http://a1enterprises.com/wp-content/BpOszbMoI/

exe.dropper

http://isabella.makeyourselfelaborate.com/wp-admin/u19xl/

Targets

- Target
  
  4da5d6faa650f5c7553a4152c9461b40321414042e9410a3b5aa76befda4a973
- Size
  
  207KB
- MD5
  
  7dda0f177751d4ebe292ccad3420a4c4
- SHA1
  
  c2d12949c77486ff42cdeced7b4423cc7dec1cb9
- SHA256
  
  4da5d6faa650f5c7553a4152c9461b40321414042e9410a3b5aa76befda4a973
- SHA512
  
  20493fdade30212ff8bd52196ca9268c3edaae82200e44a82c383f544ce29598011934c49718b063ef1cd2ff15bd7c6347a5d9b363c37d68a6f77615283cfccc
- SSDEEP
  
  6144:+r2k4DtGiL3HJk9RD7bK5nEZAe9ohV7WU:+riQitk77bMEZH94V7WU
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2