ce875226228081a3efd7ed41b4597a573b7799c1f38e2853ef6eb51649d5a815 | Triage

Sharing

General

Target

ce875226228081a3efd7ed41b4597a573b7799c1f38e2853ef6eb51649d5a815
Size

181KB
Sample

241120-kjamhsypdn
MD5

e1714e91acd7c82e9d0cfdf537b929fe
SHA1

2a15b3a87b8d7f9d5d593c50b5fdb3877ea38583
SHA256

ce875226228081a3efd7ed41b4597a573b7799c1f38e2853ef6eb51649d5a815
SHA512

c9cd268728f37657c518cc7ddb67521c0a8f3ff12f7ece0f722f3a5a48adcb99ff9a67787ed62303ae8d845365b93572b7bda783d8a46d8ffbaa9ad09a76426f
SSDEEP

3072:9N62y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBU0asiv8Ob7V:9N62k4PF7tGiL3HJk9rD7b0asiv8GZ

Score

10^/10

discovery execution macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://diwafashions.com/wp-admin/mqau6/

exe.dropper

http://designers.hotcom-web.com/ubkskw29clek/qnpm1p/

exe.dropper

http://dixartcontractors.com/cgi-bin/nnuv/

exe.dropper

http://diaspotv.info/wordpress/G/

exe.dropper

http://easyvisaoverseas.com/cgi-bin/v/

Targets

- Target
  
  ce875226228081a3efd7ed41b4597a573b7799c1f38e2853ef6eb51649d5a815
- Size
  
  181KB
- MD5
  
  e1714e91acd7c82e9d0cfdf537b929fe
- SHA1
  
  2a15b3a87b8d7f9d5d593c50b5fdb3877ea38583
- SHA256
  
  ce875226228081a3efd7ed41b4597a573b7799c1f38e2853ef6eb51649d5a815
- SHA512
  
  c9cd268728f37657c518cc7ddb67521c0a8f3ff12f7ece0f722f3a5a48adcb99ff9a67787ed62303ae8d845365b93572b7bda783d8a46d8ffbaa9ad09a76426f
- SSDEEP
  
  3072:9N62y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBU0asiv8Ob7V:9N62k4PF7tGiL3HJk9rD7b0asiv8GZ
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2