553036663ad0d69d6345379c655d27c109d2d0b7176079cd506e48c2e5839906 | Triage

Sharing

General

Target

553036663ad0d69d6345379c655d27c109d2d0b7176079cd506e48c2e5839906
Size

181KB
Sample

241120-ng7q1swaqe
MD5

401a105ff610704ca8f4f705d89b17d7
SHA1

a72226575c093fd3e5219c696b46f86e866dd7d8
SHA256

553036663ad0d69d6345379c655d27c109d2d0b7176079cd506e48c2e5839906
SHA512

ec936439eaf7a87dbfa0e4f059c44d504b708af142956ca1ae47ba94e8c0952db92d4e5b6170a6c4373955fb1d93c80ca1ff1a5d155d156d664d9548c74f3d49
SSDEEP

3072:9NW2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUEasiv8Of73:9NW2k4PF7tGiL3HJk9rD7bEasiv8mj

Score

10^/10

discovery execution macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://diwafashions.com/wp-admin/mqau6/

exe.dropper

http://designers.hotcom-web.com/ubkskw29clek/qnpm1p/

exe.dropper

http://dixartcontractors.com/cgi-bin/nnuv/

exe.dropper

http://diaspotv.info/wordpress/G/

exe.dropper

http://easyvisaoverseas.com/cgi-bin/v/

Targets

- Target
  
  553036663ad0d69d6345379c655d27c109d2d0b7176079cd506e48c2e5839906
- Size
  
  181KB
- MD5
  
  401a105ff610704ca8f4f705d89b17d7
- SHA1
  
  a72226575c093fd3e5219c696b46f86e866dd7d8
- SHA256
  
  553036663ad0d69d6345379c655d27c109d2d0b7176079cd506e48c2e5839906
- SHA512
  
  ec936439eaf7a87dbfa0e4f059c44d504b708af142956ca1ae47ba94e8c0952db92d4e5b6170a6c4373955fb1d93c80ca1ff1a5d155d156d664d9548c74f3d49
- SSDEEP
  
  3072:9NW2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUEasiv8Of73:9NW2k4PF7tGiL3HJk9rD7bEasiv8mj
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2