General

  • Target

    320684ec5ea1c4b75a57dd6430a55e3482db826ecbca80b18e08d3829f11a372

  • Size

    197KB

  • Sample

    241120-q5bdtsxpes

  • MD5

    4d1de09a8434e90f3be81bc687406ca5

  • SHA1

    bdb7ba53e7382378938f316f0b8df56147e9bf84

  • SHA256

    320684ec5ea1c4b75a57dd6430a55e3482db826ecbca80b18e08d3829f11a372

  • SHA512

    715e7f65f293e1cfbb52611e017cb1d6d497c68c56af2bc84f348c557d910a21898258aba9269a565002912c81301611d92e3091ef99d6f0e35a2f82ca5d5a25

  • SSDEEP

    3072:a22y/GdynktGDWLS0HZWD5w8K7Nk98D7IBU4awiVQdwHch:a22k43tGiL3HJk98D7b4Z2Qq4

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated: yes
  • URLs (exe.dropper), each a candidate download location for the next-stage executable:

    https://salvacodina.com/wp-admin/qWYFrK/
    http://serviska.com/show_cat3/lKzElbNb/
    https://bar-ola.com/wp-admin/KIdh35kENT/
    http://rinani.com/wp-includes/FFkV/
    https://wowmotions.com/wp-admin/A8LwzwQ/

Targets

    • Target

      320684ec5ea1c4b75a57dd6430a55e3482db826ecbca80b18e08d3829f11a372

    • Size

      197KB

    • MD5

      4d1de09a8434e90f3be81bc687406ca5

    • SHA1

      bdb7ba53e7382378938f316f0b8df56147e9bf84

    • SHA256

      320684ec5ea1c4b75a57dd6430a55e3482db826ecbca80b18e08d3829f11a372

    • SHA512

      715e7f65f293e1cfbb52611e017cb1d6d497c68c56af2bc84f348c557d910a21898258aba9269a565002912c81301611d92e3091ef99d6f0e35a2f82ca5d5a25

    • SSDEEP

      3072:a22y/GdynktGDWLS0HZWD5w8K7Nk98D7IBU4awiVQdwHch:a22k43tGiL3HJk98D7b4Z2Qq4

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Drops file in System32 directory
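The signatures above (an Office parent spawning PowerShell, PowerShell started with a hidden window, a blocklisted process making a network request) and the extracted dropper URLs can be turned into a small detection check. The following is an added example, not part of the sandbox report: it takes the five URLs listed under Malware Config as the blocklist and runs three rules over constructed Sysmon-style process-creation and network-connection events. The field names (`ParentImage`, `Image`, `CommandLine`, `DestinationHostname`) and the sample events are assumptions for illustration.

```python
import re
from urllib.parse import urlparse

# URLs the sandbox extracted from the deobfuscated PowerShell (from the report above).
DROPPER_URLS = [
    "https://salvacodina.com/wp-admin/qWYFrK/",
    "http://serviska.com/show_cat3/lKzElbNb/",
    "https://bar-ola.com/wp-admin/KIdh35kENT/",
    "http://rinani.com/wp-includes/FFkV/",
    "https://wowmotions.com/wp-admin/A8LwzwQ/",
]
DROPPER_HOSTS = {urlparse(u).hostname.lower() for u in DROPPER_URLS}

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}


def _basename(path):
    """Lower-cased file name of a Windows path (either slash style)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _tokens(cmdline):
    """Split a command line, keeping quoted arguments together."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def _switch(tok, full):
    """True if tok is a -switch that is a prefix of `full`.
    powershell.exe accepts abbreviations such as -w, -win, -WindowStyle."""
    if not tok.startswith(("-", "/")):
        return False
    name = tok[1:].lower()
    return bool(name) and full.startswith(name)


def powershell_flags(cmdline):
    """Return the suspicious powershell.exe switches present in a command line."""
    toks = _tokens(cmdline)
    flags = set()
    for i, tok in enumerate(toks):
        nxt = toks[i + 1].lower() if i + 1 < len(toks) else ""
        if _switch(tok, "windowstyle") and nxt and "hidden".startswith(nxt):
            flags.add("hidden_window")
        elif _switch(tok, "encodedcommand"):
            flags.add("encoded_command")
        elif _switch(tok, "noprofile"):
            flags.add("no_profile")
    return flags


def evaluate(event):
    """Map one event to the list of signature names it trips (empty if none)."""
    hits = []
    image = _basename(event.get("Image", ""))
    if event.get("EventType") == "ProcessCreate":
        parent = _basename(event.get("ParentImage", ""))
        if parent in OFFICE_PARENTS and image in POWERSHELL_IMAGES:
            hits.append("office_spawns_powershell")
        if image in POWERSHELL_IMAGES and "hidden_window" in powershell_flags(event.get("CommandLine", "")):
            hits.append("powershell_hidden_window")
    elif event.get("EventType") == "NetworkConnect":
        host = event.get("DestinationHostname", "").lower().rstrip(".")
        if host in DROPPER_HOSTS:
            hits.append("network_to_dropper_host")
    return hits


def alerts(events):
    """Index -> triggered signatures, for every event that tripped at least one rule."""
    out = {}
    for i, e in enumerate(events):
        hits = evaluate(e)
        if hits:
            out[i] = hits
    return out


# Constructed sample events (assumed Sysmon-style fields; not taken from the sandbox run).
# The -enc payload is a constructed placeholder, not the sample's real command.
SAMPLE_EVENTS = [
    {"EventType": "ProcessCreate",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -w hidden -nop -enc QQBCAEMA"},
    {"EventType": "NetworkConnect",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "DestinationHostname": "salvacodina.com", "DestinationPort": 443},
    {"EventType": "ProcessCreate",  # benign admin script: no Office parent, no hidden window
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell -NoProfile -File C:\scripts\inventory.ps1"},
    {"EventType": "NetworkConnect",  # unrelated browser traffic
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationHostname": "example.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    for idx, hits in alerts(SAMPLE_EVENTS).items():
        print(idx, hits)
```

The switch matching deliberately accepts abbreviated forms, because the report's own PowerShell stage hides its window and an analyst cannot rely on seeing the literal string `-WindowStyle Hidden`; matching only on the hostnames from the extracted config is a tight but short-lived indicator, since the compromised WordPress paths in these URLs are rotated frequently.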

MITRE ATT&CK Enterprise v15: Command and Scripting Interpreter: PowerShell (T1059.001)
