General

  • Target

    f6e9df18ded37e3e8728f722c0ae13b796837f55304608921fed97dd538ba74e

  • Size

    144KB

  • Sample

    241120-1dhzpstcmg

  • MD5

    63fe243ac27e3b363df51db0bbac1c08

  • SHA1

    40319f467812d05e5a9eb20ac42e22781420216c

  • SHA256

    f6e9df18ded37e3e8728f722c0ae13b796837f55304608921fed97dd538ba74e

  • SHA512

    1b8d6caf9dbf6c3617a1b182f02ed937c712d59f8d906a2d75617675375f9047824ee9ed3c73bb8c9ba8d7d048c872d57b69584d9dd7bb0a8a11765834822bb5

  • SSDEEP

    3072:T7cKoSsxzNDZLDZjlbR868O8K0c03D38TehYTdeHVhjqabWHLtyeGx6Z84TIKGxS:/cKoSsxzNDZLDZjlbR868O8K0c03D38p

Score
10/10

Malware Config

Extracted

Language
ps1

Deobfuscated

URLs (type: exe.dropper)

  • http://althyplane.com/wp-admin/ELWa8YcOqlJn/
  • http://dreamdancefactory.clnetworktv.com/zegsgpzq/CT75/
  • http://ajkersomaj.com/wp-admin/ThBwKpUbIffmrepRg/
  • http://1asehrgut.com/dup-installer/3vESrkJAS97l/
  • http://dreamcityloveaffair.com/60bv5/RG9Kb1qRlQ/
  • http://dreamproductionsfl.com/tmw8t/Szjjcj5mU1ZA/
  • http://dreamcityimprov.com/d5759pd/yzbV45v1nY/
  • http://delmarpropertyservices.com/nw1t8jj/NUrSuFyX6P/
  • http://batumi4u.com/nwj7iw/jgiK2uwhsu/
  • http://blasieholmen-staging.tokig.site/b/SOcGvzIi31HDg/
  • http://climate.thecedarcentre.org/cgi-bin/3eseeNZ/
  • http://changeyourcommunitynow.com/s1hf7qm/TqcrwYcOiqV8fWA/

Targets

    • Target

      f6e9df18ded37e3e8728f722c0ae13b796837f55304608921fed97dd538ba74e

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15
