946f2b7669561b2d71bca59bdfa02ff82cb580eb6df077c325b20618a4d8b800 | Triage

Sharing

General

Target

946f2b7669561b2d71bca59bdfa02ff82cb580eb6df077c325b20618a4d8b800
Size

213KB
Sample

241120-1mq2nsvcqn
MD5

2d87858d2d5eb98d8e026d07a0fbc371
SHA1

f811c8a6d76611956533bdd4b6e1fac82706730b
SHA256

946f2b7669561b2d71bca59bdfa02ff82cb580eb6df077c325b20618a4d8b800
SHA512

0d28f276a638137bff7bd0c55f182fd336c360c4aa2a8436e3168baa0ef986281ad4d0f5916f923ad9da248a43033bce240b13a67566e97cf3ce5aa7e41e756d
SSDEEP

6144:FF2k4WtGiL3HJk9tD7bdgyD9Wv4G4IFbL:FFvQitkb7bC1bL

Score

10^/10

discovery execution macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://diwafashions.com/wp-admin/mqau6/

exe.dropper

http://designers.hotcom-web.com/ubkskw29clek/qnpm1p/

exe.dropper

http://dixartcontractors.com/cgi-bin/nnuv/

exe.dropper

http://diaspotv.info/wordpress/G/

exe.dropper

http://easyvisaoverseas.com/cgi-bin/v/

Targets

- Target
  
  946f2b7669561b2d71bca59bdfa02ff82cb580eb6df077c325b20618a4d8b800
- Size
  
  213KB
- MD5
  
  2d87858d2d5eb98d8e026d07a0fbc371
- SHA1
  
  f811c8a6d76611956533bdd4b6e1fac82706730b
- SHA256
  
  946f2b7669561b2d71bca59bdfa02ff82cb580eb6df077c325b20618a4d8b800
- SHA512
  
  0d28f276a638137bff7bd0c55f182fd336c360c4aa2a8436e3168baa0ef986281ad4d0f5916f923ad9da248a43033bce240b13a67566e97cf3ce5aa7e41e756d
- SSDEEP
  
  6144:FF2k4WtGiL3HJk9tD7bdgyD9Wv4G4IFbL:FFvQitkb7bC1bL
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2