7be8220e7c88a316208834df2fa1ba259ced1bf3c75cec9b47ad395f1588c82a | Triage

Sharing

General

Target

7be8220e7c88a316208834df2fa1ba259ced1bf3c75cec9b47ad395f1588c82a
Size

181KB
Sample

241120-yjwrmsskaw
MD5

fc04a920aa026fcacfe387dc064a3170
SHA1

1d67dcad990aa792b467b3989dba90de015b361c
SHA256

7be8220e7c88a316208834df2fa1ba259ced1bf3c75cec9b47ad395f1588c82a
SHA512

065caa9a68c051bafb2b7fc0968005aae5ad978009d0bf03e8154753119a7cb3b10571b17570cb9ddeed3f1d77cb86a0e5efa5f17823e177bc9b2956e0c6200b
SSDEEP

3072:9NO2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBU9asiv8Oc73:9NO2k4PF7tGiL3HJk9rD7b9asiv8dj

Score

10^/10

discovery execution macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://diwafashions.com/wp-admin/mqau6/

exe.dropper

http://designers.hotcom-web.com/ubkskw29clek/qnpm1p/

exe.dropper

http://dixartcontractors.com/cgi-bin/nnuv/

exe.dropper

http://diaspotv.info/wordpress/G/

exe.dropper

http://easyvisaoverseas.com/cgi-bin/v/

Targets

- Target
  
  7be8220e7c88a316208834df2fa1ba259ced1bf3c75cec9b47ad395f1588c82a
- Size
  
  181KB
- MD5
  
  fc04a920aa026fcacfe387dc064a3170
- SHA1
  
  1d67dcad990aa792b467b3989dba90de015b361c
- SHA256
  
  7be8220e7c88a316208834df2fa1ba259ced1bf3c75cec9b47ad395f1588c82a
- SHA512
  
  065caa9a68c051bafb2b7fc0968005aae5ad978009d0bf03e8154753119a7cb3b10571b17570cb9ddeed3f1d77cb86a0e5efa5f17823e177bc9b2956e0c6200b
- SSDEEP
  
  3072:9NO2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBU9asiv8Oc73:9NO2k4PF7tGiL3HJk9rD7b9asiv8dj
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2