General

  • Target

    0e47e3ce42230963c4d4ba25d0a668846b00d0bb01cd66bd71efe813278e6aa5

  • Size

    99KB

  • Sample

    241120-nkybra1jcp

  • MD5

    d27708ecd11b60b2cf7a9d54f72a9b14

  • SHA1

    3c8f25967f229a0ab2eb7a1bb187b78e605c3568

  • SHA256

    0e47e3ce42230963c4d4ba25d0a668846b00d0bb01cd66bd71efe813278e6aa5

  • SHA512

    95758cc76c5266a95b6d230c5f8637647b35689c1da44aaf20f917d78c20484ff1e2f8791013f9b628e5df3c0ced06a1f30685c32f8fa9c525fb42968e9641d5

  • SSDEEP

    3072:Y6fU35GDNft+T4ufddiqL13XJrX92rOR4acM3nqR1yGF1cPjqYZJyK:YkUpGhtxaHvZJLGaj3gF1cPjqYZEK

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
  • exe.dropper: http://chadcast.com/public_html/dU1iLSL3hw/

  • exe.dropper: http://blondenerd.com/cgi-bin/2K3jGP3q1w/

  • exe.dropper: http://bluespaceit.com/rodselectrical.net.au/dt72vCkz/

  • exe.dropper: http://bitbenderz.com/azam/OqMIf94117/

  • exe.dropper: http://bjbus.net/files/9O85/

Targets

    • Target

      Dati_2807_2020.doc

    • Size

      175KB

    • MD5

      f0d901a031bd6b9fd4334aab9c32f005

    • SHA1

      8219a38dba15f41b4ee649f715eacb4675fafc0d

    • SHA256

      00e580fbb7386c2e63da4a6b8868f904609859a0d52a387b6f581dfa2d2e6629

    • SHA512

      262c1d650603337b24ecbae078d446d1aed68ec903808431a631864a9db5510fdf642f791b35b4e0206e231508cb4d37470a9c35ebb8af358875efaaf407d4ce

    • SSDEEP

      3072:Dl4PrXcuQuvpzm4bkiaMQgAlSQ9THaHDaCppKw3E17oBK:WDRv1m4bnQgISGTHBw3EuK

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks