General

  • Target: 800f7b2a4a25677647075210637fc1a2add96910323f61dcaa173b8babe43cbe
  • Size: 171KB
  • Sample: 241120-da2ajstndk
  • MD5: 8d183fb0a8ca3e9cda1c86a6e708354f
  • SHA1: 25808be5a59cc5ad84825e47e0de842fc67b2ef5
  • SHA256: 800f7b2a4a25677647075210637fc1a2add96910323f61dcaa173b8babe43cbe
  • SHA512: 17e08a8f0ebeb8870bd49e632849446f66753ca7961c229fc8617f32c535993201a88349238646b4c10c313cba85c4adf73974412641f83c89bc9a276266eff2
  • SSDEEP: 3072:Qh2y/GdyDktGDWLS0HZWD5w8K7Nk9dD7IBUdNGp4HAIoy:Qh2k4DtGiL3HJk9dD7bLPHAID

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper)

Targets

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates that the parent process was compromised via an exploit or a macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks