General

  • Target

    cf1ece29b7f8224cd20d9cfef8dbb20e9948f411dcdb9914a6e729561513086b

  • Size

    228KB

  • Sample

    241120-3k8j2swgml

  • MD5

    db1af58f3332ff6f0a504bd7bf0e2971

  • SHA1

    5bb6ad1dd74e0a2c39952476542c943fd8926552

  • SHA256

    cf1ece29b7f8224cd20d9cfef8dbb20e9948f411dcdb9914a6e729561513086b

  • SHA512

    58b08203210e8b0d76e254623f68f8d0a0146d777fe8ef98244b05ce53d7b528016efc42f4f4b4ed6d38d66457cfc3d0684e7310ef4894d9640cdf154325d268

  • SSDEEP

    3072:3Yy0u8YGgjv+ZvchmkHcI/o1/Vb6///////////////////////////////////7:50uXnWFchmmcI/o1/qJQ29Iey3HwUK

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • exe.dropper

    http://lepik.pri.ee/melius/tv471975685/

  • exe.dropper

    http://metanopoly.com/cgi-bin/Krt1152299/

  • exe.dropper

    http://michaeljunk.de/assets/file/HcQLJ/

  • exe.dropper

    http://minerva-bg.net/tutorials/attach/ntHZgJIgtRB/

  • exe.dropper

    http://michna.de/cgi-bin/attach/LUHJFwPAGqOw/

  • exe.dropper

    http://mietelski.de/AdvancedGuestbook_01/uy0gyfv41428711/

  • exe.dropper

    http://miragestudio.ro/journal/attach/gCmLwZCcGjpMe/

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks