General

  • Target: 69e034d0ccd7913d8b96ed546a7018db92f1b8a99ca39fa35830f7e66240f7b0
  • Size: 181KB
  • Sample: 241120-qjty2sxmcx
  • MD5: e3cdf5c478d6cdbb159c1564526e61e4
  • SHA1: 0bec432c775c47df20f9c525788a765d4fd4fb04
  • SHA256: 69e034d0ccd7913d8b96ed546a7018db92f1b8a99ca39fa35830f7e66240f7b0
  • SHA512: a38548f243c6a97c88e6b7d3aea1aaef9a524c93b098f4b3a5e083eb9036b31a5a4ba5107f6c6c9d7d609b110814513f55372c5c519997041cf44854276a2e90
  • SSDEEP: 3072:9NO2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUdasiv8OP7X:9NO2k4PF7tGiL3HJk9rD7bdasiv86D

Malware Config

Extracted

Language: ps1

Deobfuscated URLs (exe.dropper):

Targets

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks