Overview

overview

10

Static

static

1

5e781d5fd0...d8.doc

windows7-x64

10

5e781d5fd0...d8.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5e781d5fd024f5cbf83b7cefdd21a232a31b871c284bb0673b74171506cd8fd8

  • Size

    242KB

  • Sample

    241120-1ryx3syncq

  • MD5

    267f126cb0f1e09c5c9c5c623f843b7f

  • SHA1

    05e37cddaacda52a5ff0d208d96d32fd40c40e5a

  • SHA256

    5e781d5fd024f5cbf83b7cefdd21a232a31b871c284bb0673b74171506cd8fd8

  • SHA512

    c59b6e57b58d601ebfb40f93b6754d1fb170b9e13f9deeed41f1807bb73d798488411d4229ccbcc88ab3d12fca5d3287d8d4f524d6a301db7de64e116f4da8a0

  • SSDEEP

    6144:sR2k40tGiL3HJk9/D7bZuhEmfo6BokDPyUKjou:sRVQitkh7bAhLoz

Score
10/10
discoveryexecution

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://salvacodina.com/wp-admin/qWYFrK/
exe.dropper

http://serviska.com/show_cat3/lKzElbNb/
exe.dropper

https://bar-ola.com/wp-admin/KIdh35kENT/
exe.dropper

http://rinani.com/wp-includes/FFkV/
exe.dropper

https://wowmotions.com/wp-admin/A8LwzwQ/

Targets

    • Target

      5e781d5fd024f5cbf83b7cefdd21a232a31b871c284bb0673b74171506cd8fd8

    • Size

      242KB

    • MD5

      267f126cb0f1e09c5c9c5c623f843b7f

    • SHA1

      05e37cddaacda52a5ff0d208d96d32fd40c40e5a

    • SHA256

      5e781d5fd024f5cbf83b7cefdd21a232a31b871c284bb0673b74171506cd8fd8

    • SHA512

      c59b6e57b58d601ebfb40f93b6754d1fb170b9e13f9deeed41f1807bb73d798488411d4229ccbcc88ab3d12fca5d3287d8d4f524d6a301db7de64e116f4da8a0

    • SSDEEP

      6144:sR2k40tGiL3HJk9/D7bZuhEmfo6BokDPyUKjou:sRVQitkh7bAhLoz

    Score
    10/10
    discoveryexecution

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks