3a3c89a0440aa8dda0278f276fb57c751c9d10c68bbc96f5409126e651aa8152 | Triage

Submit
Reports

Overview

overview

Static

static

8

3a3c89a044...52.doc

windows7-x64

3a3c89a044...52.doc

windows10-2004-x64

6

Sharing

General

Target

3a3c89a0440aa8dda0278f276fb57c751c9d10c68bbc96f5409126e651aa8152
Size

171KB
Sample

241120-zpzadsxpdr
MD5

d9c29a894206b52c9cbe72edd90182a1
SHA1

01e60a5d1ab06fc9fbf658925f92cd931022d059
SHA256

3a3c89a0440aa8dda0278f276fb57c751c9d10c68bbc96f5409126e651aa8152
SHA512

ee51745de3cdfa64c1eeb2d13697e715176906e09c5d4f5d4632ea839027c23bf5f24c1a1282e0b53b16fc4253d912009e6c33291fd4618ab7d411bd2b47e29e
SSDEEP

3072:SG4PrXcuQuvpzm4bkiaMQgAlSApJ0aP7qI0DaCppgRyLtGIhRD:8DRv1m4bnQgISCJ0aPkGIhRD

Score

10^/10

discovery macro

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3a3c89a0440aa8dda0278f276fb57c751c9d10c68bbc96f5409126e651aa8152.doc

Resource

win7-20240903-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

3a3c89a0440aa8dda0278f276fb57c751c9d10c68bbc96f5409126e651aa8152.doc

Resource

win10v2004-20241007-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://departure.world/wp-content/V4GFFNihI/

exe.dropper

http://songbadtv.com/wp-includes/XQrT027149/

exe.dropper

https://planet7vip.com/czy/hR8MMWwRkY/

exe.dropper

http://blog.tujanena.com/ariu/C2LSRbc8/

exe.dropper

http://drsoli.com/k1vjzk/XtSsbRPzyI/

Targets

- Target
  
  3a3c89a0440aa8dda0278f276fb57c751c9d10c68bbc96f5409126e651aa8152
- Size
  
  171KB
- MD5
  
  d9c29a894206b52c9cbe72edd90182a1
- SHA1
  
  01e60a5d1ab06fc9fbf658925f92cd931022d059
- SHA256
  
  3a3c89a0440aa8dda0278f276fb57c751c9d10c68bbc96f5409126e651aa8152
- SHA512
  
  ee51745de3cdfa64c1eeb2d13697e715176906e09c5d4f5d4632ea839027c23bf5f24c1a1282e0b53b16fc4253d912009e6c33291fd4618ab7d411bd2b47e29e
- SSDEEP
  
  3072:SG4PrXcuQuvpzm4bkiaMQgAlSApJ0aP7qI0DaCppgRyLtGIhRD:8DRv1m4bnQgISCJ0aPkGIhRD
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy