General

  • Target

    0674a581112c42ee8ab34769aef9d8ef1252bb2267490436334b2e2747f22cb8

  • Size

    175KB

  • Sample

    241120-z95b5svanp

  • MD5

    b193b86be161c703a4e49e34eeff6029

  • SHA1

    2890a1bf9818e96e92bfc869a474acf460822fa1

  • SHA256

    0674a581112c42ee8ab34769aef9d8ef1252bb2267490436334b2e2747f22cb8

  • SHA512

    879e670b02ce768cc21997b523a5847025862a002dfba2fc7b3805f18fe87fe4d96eddb02139e6c4e8d3fe2b2a27e8a23f64fd4773f3b3ef5a052bbf241893ad

  • SSDEEP

    3072:Dl4PrXcuQuvpzm4bkiaMQgAlSQ9THaHDaCppKw3E17oB:WDRv1m4bnQgISGTHBw3Eu

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (exe.dropper)

    http://chadcast.com/public_html/dU1iLSL3hw/

    http://blondenerd.com/cgi-bin/2K3jGP3q1w/

    http://bluespaceit.com/rodselectrical.net.au/dt72vCkz/

    http://bitbenderz.com/azam/OqMIf94117/

    http://bjbus.net/files/9O85/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks