Overview

overview

10

Static

static

8

077782b6f0...da.xls

windows7-x64

10

077782b6f0...da.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    077782b6f094679f07c7d75532c4ade80b393aaecc21a9e99ce9db2a2a2363da

  • Size

    138KB

  • Sample

    241121-aamwdaxarj

  • MD5

    240e23646f7eea10d96c6d094abae48a

  • SHA1

    8f163824581c9e8eca26aa43708816b1db7b0c3b

  • SHA256

    077782b6f094679f07c7d75532c4ade80b393aaecc21a9e99ce9db2a2a2363da

  • SHA512

    aace2d47cba74b058506cad53fe38cef310bed91c24e98f8581b07101c73af452a07b2499b595135f855e899af6e0604b2e8a4efcf88b526f73dbb05305443ae

  • SSDEEP

    3072:uKehv7q2Pjx45uoDGTj+5xtekEvi8/dgwa3Wm47CdX5gVvhoxzYLasdJXIchFL:lehv7q2Pjx45uoDGTj+5xtFEvi8/dgwh

Score
10/10
discoverymacromacro_on_action

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://midnightsilvercrafters.com/store/wBjNOUw/
exe.dropper

http://tempral.com/NATE_05_22_2009/BI710N4cQ6R3/
exe.dropper

https://redington.karmatechmediaworks.com/wp-content/3JVuVx7QUM/
exe.dropper

https://uhc.karmatechmediaworks.com/wp-content/0EqfdeznntlOpaIP2Qv/
exe.dropper

https://servilogic.net/b/14hqrdyP0Z3WsbQib8/
exe.dropper

https://comezmuhendislik.com/ljfrmm/VTpHRFWoORAHnRQ3aQL/
exe.dropper

http://webmail.glemedical.com/wp-content/J1M2xxodH/
exe.dropper

http://toto.karmatechmediaworks.com/wp-content/i826vbcVgRJ/
exe.dropper

https://golfpia.karmatechmediaworks.com/wp-content/oEicpDnEkk/
exe.dropper

https://fortiuspharma.com/y6krss/EGm347cqj5/
exe.dropper

https://garyjharris.com/cgi-bin/0hH/
exe.dropper

https://vietnam.karmatechmediaworks.com/wp-content/PfSVQagusZy7AaMw/
exe.dropper

https://vinculinc.karmatechmediaworks.com/wp-content/VlcOPPwgidWlXDJNs6/

Targets

    • Target

      077782b6f094679f07c7d75532c4ade80b393aaecc21a9e99ce9db2a2a2363da

    • Size

      138KB

    • MD5

      240e23646f7eea10d96c6d094abae48a

    • SHA1

      8f163824581c9e8eca26aa43708816b1db7b0c3b

    • SHA256

      077782b6f094679f07c7d75532c4ade80b393aaecc21a9e99ce9db2a2a2363da

    • SHA512

      aace2d47cba74b058506cad53fe38cef310bed91c24e98f8581b07101c73af452a07b2499b595135f855e899af6e0604b2e8a4efcf88b526f73dbb05305443ae

    • SSDEEP

      3072:uKehv7q2Pjx45uoDGTj+5xtekEvi8/dgwa3Wm47CdX5gVvhoxzYLasdJXIchFL:lehv7q2Pjx45uoDGTj+5xtFEvi8/dgwh

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks