General

  • Target

    241b198d22c1ddff730ef8acab9e595b1fc0e5fb7801b09d9dbbb81ce875121a

  • Size

    88KB

  • Sample

    241120-zyandsxqhr

  • MD5

    6929e695a4a04b82e1cd89121d75e93b

  • SHA1

    ca5639691f1501da0d50fd4cf7c0d82e5e3b51e6

  • SHA256

    241b198d22c1ddff730ef8acab9e595b1fc0e5fb7801b09d9dbbb81ce875121a

  • SHA512

    dbcfa9b52c1fd634ace7dc23fe8a34fe41080ac8cd67a98c544bd8a7998808a0ac9f6106a367c1cceeff858063c14b863423d1a34dcf84cb57e2f13587f4829c

  • SSDEEP

    1536:Fyehv7q2Pjx45uoDGTj+5xtekEvi8/dgL8EsAeE9jbDXQAzkWvgrPE4nWHPNc2AF:Fyehv7q2Pjx45uoDGTj+5xtekEvi8/db

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs (all tagged exe.dropper)

    http://wearsweetbomb.com/wp-content/15zZybP1EXttxDK4JH/
    https://1566xueshe.com/wp-includes/z92ZVqHH8/
    http://mymicrogreen.mightcode.com/Fox-C/NWssAbNOJDxhs/
    http://o2omart.co.in/infructuose/m4mgt2MeU/
    http://mtc.joburg.org.za/-/GBGJeFxXWlNbABv2/
    http://www.ama.cu/jpr/VVP/
    http://actividades.laforetlanguages.com/wp-admin/dU8Ds/
    https://dwwmaster.com/wp-content/1sR2HfFxQnkWuu/
    https://edu-media.cn/wp-admin/0JAE/
    https://iacademygroup.cl/office/G42LJPLkl/
    https://znzhou.top/mode/0Qb/

Targets

    • Target

      241b198d22c1ddff730ef8acab9e595b1fc0e5fb7801b09d9dbbb81ce875121a

    • Size

      88KB

    • MD5

      6929e695a4a04b82e1cd89121d75e93b

    • SHA1

      ca5639691f1501da0d50fd4cf7c0d82e5e3b51e6

    • SHA256

      241b198d22c1ddff730ef8acab9e595b1fc0e5fb7801b09d9dbbb81ce875121a

    • SHA512

      dbcfa9b52c1fd634ace7dc23fe8a34fe41080ac8cd67a98c544bd8a7998808a0ac9f6106a367c1cceeff858063c14b863423d1a34dcf84cb57e2f13587f4829c

    • SSDEEP

      1536:Fyehv7q2Pjx45uoDGTj+5xtekEvi8/dgL8EsAeE9jbDXQAzkWvgrPE4nWHPNc2AF:Fyehv7q2Pjx45uoDGTj+5xtekEvi8/db

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

MITRE ATT&CK Enterprise v15

Tasks