General

  • Target

    ac3eb0fc4f8e3552acbbb90c3f9d1e3b920a3a157b9f2c121f4e33e2b6fd6bb6

  • Size

    144KB

  • Sample

    241120-19ft8avkfw

  • MD5

    4e5ddc43df4e2df4755a36d76c268c68

  • SHA1

    e6f524a955a7ba956b5d60bc70332b4955bfb89a

  • SHA256

    ac3eb0fc4f8e3552acbbb90c3f9d1e3b920a3a157b9f2c121f4e33e2b6fd6bb6

  • SHA512

    9a7cc46c2f7cf2193c7d7c6b6eb7cb9fc7a22ba380128cefc444fb3aed7b60edce2d47029ac1845680699d7daa43b2d7397fe8701d2b4b83c038d3fba16fb477

  • SSDEEP

    3072:L7cKoSsxzNDZLDZjlbR868O8K0c03D38TehYTdeHVhjqabWHLtyeGx6Z84TI7Gxl:HcKoSsxzNDZLDZjlbR868O8K0c03D38l

Score: 10/10

Malware Config

Extracted

Language: ps1

Deobfuscated

URLs (all of type exe.dropper):

  • http://four.renovatiog.ltd/wp-includes/KGzoB0zsRKZjjEe/

  • http://adultfriendfinder-adultfriends.com/mmfdoublepenetrationadultfriends/0pcEeJPfwMU/

  • http://jwellery.fameitc.com/wp-includes/wQK7z9cEcwWCUG/

  • http://arcgakuin-dev2.sukoburu-secure.com/l35uhr/R1evmjjhga/

  • http://bimesarayenovin.ir/wp-admin/z464/

  • http://hostfeeling.com/wp-admin/DidtoZk2EEc7BWXyhh/

  • http://gardeningfilm.com/wp-content/Ef/

  • http://moneymagnetentertainment.com/pz66t8y/Bd0sR0htA8mHibNJrk/

  • https://100lamp.com.ua:443/sale/a/

  • http://queenofluv.com/uemsub/peLSdHCvfhkge/

Targets

    • Target

      ac3eb0fc4f8e3552acbbb90c3f9d1e3b920a3a157b9f2c121f4e33e2b6fd6bb6 (144KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

    Score: 10/10

    Signatures

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks