Overview

overview

10

Static

static

8

78df0c6a1f...36.doc

windows7-x64

10

78df0c6a1f...36.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    78df0c6a1ff0609fdf3a8ef30b58fed6db37df9652c5810eefbf70a181967036

  • Size

    181KB

  • Sample

    241120-1db66avbkr

  • MD5

    d4312f2ba569632cdde2d15fbcc221f1

  • SHA1

    971fba47ccac0a1d860d06eaa7452fb40c441f69

  • SHA256

    78df0c6a1ff0609fdf3a8ef30b58fed6db37df9652c5810eefbf70a181967036

  • SHA512

    b9b3f3230288d381d8e441eb47dc363e6f7cdf2e8fb34684bf4ae31feda7c06d722a5049c9ee7ddc33f17fcc2265283cf15bdceced2a1da35ed231b45ee903da

  • SSDEEP

    3072:9NO2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUdasiv8OP7F:9NO2k4PF7tGiL3HJk9rD7bdasiv86J

Score
10/10
discoveryexecutionmacro

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://diwafashions.com/wp-admin/mqau6/
exe.dropper

http://designers.hotcom-web.com/ubkskw29clek/qnpm1p/
exe.dropper

http://dixartcontractors.com/cgi-bin/nnuv/
exe.dropper

http://diaspotv.info/wordpress/G/
exe.dropper

http://easyvisaoverseas.com/cgi-bin/v/

Targets

    • Target

      78df0c6a1ff0609fdf3a8ef30b58fed6db37df9652c5810eefbf70a181967036

    • Size

      181KB

    • MD5

      d4312f2ba569632cdde2d15fbcc221f1

    • SHA1

      971fba47ccac0a1d860d06eaa7452fb40c441f69

    • SHA256

      78df0c6a1ff0609fdf3a8ef30b58fed6db37df9652c5810eefbf70a181967036

    • SHA512

      b9b3f3230288d381d8e441eb47dc363e6f7cdf2e8fb34684bf4ae31feda7c06d722a5049c9ee7ddc33f17fcc2265283cf15bdceced2a1da35ed231b45ee903da

    • SSDEEP

      3072:9NO2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUdasiv8OP7F:9NO2k4PF7tGiL3HJk9rD7bdasiv86J

    Score
    10/10
    discoveryexecution

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks