General

  • Target

    9234e88005c9e6f2d799b0c6a64edbe9c4f263f1af4d7e03d488927cffaf273a

  • Size

    111KB

  • Sample

    241120-28h4mavfqb

  • MD5

    9af3ba776016b60198602fd3e8dfbecd

  • SHA1

    9baf467e5414d0c931354a5bc83191a10d326272

  • SHA256

    9234e88005c9e6f2d799b0c6a64edbe9c4f263f1af4d7e03d488927cffaf273a

  • SHA512

    116f81454daef37987fed2c699ff49a6a9063cc03c1cb08fb27fed06d0f115db82731c6b7eab61d363a62d3174faaa11b192f7b8f51e7e215a92804b1590cd9c

  • SSDEEP

    1536:PdsEIB9RRXF9OBD4o3C8VseP12QaGZKR3K87ftgfxSS66oXzOVZdIW5DET08:FJIB/p/s4LcRtaXR3KUtE4sYzOXPr8

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks