General

  • Target: 22dc52cbd0d214016d130b41d0a177c291d4d9e3ae04d7925006d702759aa051
  • Size: 142KB
  • Sample: 241120-vb5ssszkhv
  • MD5: 36d921b83e8cc3ff05860d816747dd00
  • SHA1: 5297900f28a0f422af88d02cac339cff61788e29
  • SHA256: 22dc52cbd0d214016d130b41d0a177c291d4d9e3ae04d7925006d702759aa051
  • SHA512: d88de1976a69ae97d041e7b85eb8ba6e637aebf5e88bf7723cf13f26962479cfc46e1afdc5eac5fb3c5e3c0d320410abb23cf365867825c7dc351f55fb426bd0
  • SSDEEP: 3072:I7cKoSsxzNDZLDZjlbR868O8K0c03D38TehYTdeHVhjqabWHLtyeGx6Z84TI4Gxn:ScKoSsxzNDZLDZjlbR868O8K0c03D38q

Score: 10/10

Malware Config

Extracted

Language: ps1
Deobfuscated URLs: 10 exe.dropper download URLs

Targets

    • Target: 22dc52cbd0d214016d130b41d0a177c291d4d9e3ae04d7925006d702759aa051 (hashes identical to the General section above)

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks