362b17dae1075faba9fe643e328ea5ce5b682e71a90958f2716026c90fd84602 | Triage

Sharing

General

Target

362b17dae1075faba9fe643e328ea5ce5b682e71a90958f2716026c90fd84602
Size

181KB
Sample

241120-v7j6za1cjp
MD5

2e89f8f34d9c1d63c57c9a545d5298e8
SHA1

5ff5f419ab1e8b2a753aed8cb87351b9299a621d
SHA256

362b17dae1075faba9fe643e328ea5ce5b682e71a90958f2716026c90fd84602
SHA512

13d1218ef783c022b410b5244f3d8c92e904b15517a2cc40507bee31f3dcc932b4ad8501d08e3bb3344ee3d4c60f8f67081d77f466757fad6667341d206067ad
SSDEEP

3072:9NO2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUdasiv8OP7d:9NO2k4PF7tGiL3HJk9rD7bdasiv86B

Score

10^/10

discovery execution macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://diwafashions.com/wp-admin/mqau6/

exe.dropper

http://designers.hotcom-web.com/ubkskw29clek/qnpm1p/

exe.dropper

http://dixartcontractors.com/cgi-bin/nnuv/

exe.dropper

http://diaspotv.info/wordpress/G/

exe.dropper

http://easyvisaoverseas.com/cgi-bin/v/

Targets

- Target
  
  362b17dae1075faba9fe643e328ea5ce5b682e71a90958f2716026c90fd84602
- Size
  
  181KB
- MD5
  
  2e89f8f34d9c1d63c57c9a545d5298e8
- SHA1
  
  5ff5f419ab1e8b2a753aed8cb87351b9299a621d
- SHA256
  
  362b17dae1075faba9fe643e328ea5ce5b682e71a90958f2716026c90fd84602
- SHA512
  
  13d1218ef783c022b410b5244f3d8c92e904b15517a2cc40507bee31f3dcc932b4ad8501d08e3bb3344ee3d4c60f8f67081d77f466757fad6667341d206067ad
- SSDEEP
  
  3072:9NO2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUdasiv8OP7d:9NO2k4PF7tGiL3HJk9rD7bdasiv86B
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2