General

  • Target

    223cd65775cc7ae7c51f008c979fdd81bf9334ac1510be4120b5a72f2e60830d

  • Size

    144KB

  • Sample

    241120-znd8tstepj

  • MD5

    c1fa1f292a680c4b364f181a890b9d9b

  • SHA1

    f2c784cfcca452022d9e39fa8310e5ba6b93054b

  • SHA256

    223cd65775cc7ae7c51f008c979fdd81bf9334ac1510be4120b5a72f2e60830d

  • SHA512

    1c4157daf0ad7d97af5bed5505320e9df6c5d2acc2a2f98f94814057501f47962db58df72b74ce49ff91ae0aafcfea9692d3fefa308bd2e4f1c0f8d9579f2b53

  • SSDEEP

    3072:n7cKoSsxzNDZLDZjlbR868O8K0c03D38TehYTdeHVhjqabWHLtyeGx6Z84TIKGxG:7cKoSsxzNDZLDZjlbR868O8K0c03D389

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs (all of type exe.dropper)

    http://althyplane.com/wp-admin/ELWa8YcOqlJn/
    http://dreamdancefactory.clnetworktv.com/zegsgpzq/CT75/
    http://ajkersomaj.com/wp-admin/ThBwKpUbIffmrepRg/
    http://1asehrgut.com/dup-installer/3vESrkJAS97l/
    http://dreamcityloveaffair.com/60bv5/RG9Kb1qRlQ/
    http://dreamproductionsfl.com/tmw8t/Szjjcj5mU1ZA/
    http://dreamcityimprov.com/d5759pd/yzbV45v1nY/
    http://delmarpropertyservices.com/nw1t8jj/NUrSuFyX6P/
    http://batumi4u.com/nwj7iw/jgiK2uwhsu/
    http://blasieholmen-staging.tokig.site/b/SOcGvzIi31HDg/
    http://climate.thecedarcentre.org/cgi-bin/3eseeNZ/
    http://changeyourcommunitynow.com/s1hf7qm/TqcrwYcOiqV8fWA/

Targets

    • Target

      223cd65775cc7ae7c51f008c979fdd81bf9334ac1510be4120b5a72f2e60830d

    • Size

      144KB

    • MD5

      c1fa1f292a680c4b364f181a890b9d9b

    • SHA1

      f2c784cfcca452022d9e39fa8310e5ba6b93054b

    • SHA256

      223cd65775cc7ae7c51f008c979fdd81bf9334ac1510be4120b5a72f2e60830d

    • SHA512

      1c4157daf0ad7d97af5bed5505320e9df6c5d2acc2a2f98f94814057501f47962db58df72b74ce49ff91ae0aafcfea9692d3fefa308bd2e4f1c0f8d9579f2b53

    • SSDEEP

      3072:n7cKoSsxzNDZLDZjlbR868O8K0c03D38TehYTdeHVhjqabWHLtyeGx6Z84TIKGxG:7cKoSsxzNDZLDZjlbR868O8K0c03D389

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks