4c3f330bfb74364b61ee132566a9e1ddef8c1b15b7465ca2afd03e6ec23db45f | Triage

Sharing

General

Target

4c3f330bfb74364b61ee132566a9e1ddef8c1b15b7465ca2afd03e6ec23db45f
Size

291KB
Sample

241120-ms7dysvgle
MD5

a46d29710dd6382d57bd63956a70398c
SHA1

2c2a7a24cb960cf6c681f49de8289b3c926052b3
SHA256

4c3f330bfb74364b61ee132566a9e1ddef8c1b15b7465ca2afd03e6ec23db45f
SHA512

66c718e7fe4cd762efa2c86392647b2db5f42a4c8bcb69110e1145a5bf85669d02281a25964780962eed24090cbf52a585e80010402e382978f1a1d088cd9e3e
SSDEEP

6144:T0Rum7mdLRp1bbSBIR/EHGtCMXgTo8qoFt/etg+Mq0XLswqqj2Ng+/HCxJtbGqFN:T0E3dxtR/iU9mvUPMqUsw32Ng+/HCxJt

Score

10^/10

discovery execution macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://www.besthelpinghand.com/wp-admin/tsh4/

exe.dropper

http://safari7.devitsandbox.com/error-log/wuuie/

exe.dropper

https://iconeprojetos.eng.br/wp-includes/rest-api/pkOOwDoI/

exe.dropper

http://hecquet.info/clickandbuilds/mV8Sn/

exe.dropper

http://trungcapduochanoi.info/wp-admin/w3pg1ny/

Targets

- Target
  
  4c3f330bfb74364b61ee132566a9e1ddef8c1b15b7465ca2afd03e6ec23db45f
- Size
  
  291KB
- MD5
  
  a46d29710dd6382d57bd63956a70398c
- SHA1
  
  2c2a7a24cb960cf6c681f49de8289b3c926052b3
- SHA256
  
  4c3f330bfb74364b61ee132566a9e1ddef8c1b15b7465ca2afd03e6ec23db45f
- SHA512
  
  66c718e7fe4cd762efa2c86392647b2db5f42a4c8bcb69110e1145a5bf85669d02281a25964780962eed24090cbf52a585e80010402e382978f1a1d088cd9e3e
- SSDEEP
  
  6144:T0Rum7mdLRp1bbSBIR/EHGtCMXgTo8qoFt/etg+Mq0XLswqqj2Ng+/HCxJtbGqFN:T0E3dxtR/iU9mvUPMqUsw32Ng+/HCxJt
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2