General

  • Target: 67de098686a9b9928af8b96e4587e38a509f17aab35908b95c9061989f80b3f7
  • Size: 171KB
  • Sample: 241121-adrnqswdkg
  • MD5: c8f1839c8400e855fdb9ca4b75642d91
  • SHA1: 943787a71c0e90d345d65b509977f8438d0516ad
  • SHA256: 67de098686a9b9928af8b96e4587e38a509f17aab35908b95c9061989f80b3f7
  • SHA512: e1f35414dd477f47ecd62554dcbbd53a2953a3209e92ee0a6387df30ad0a330457408d4f17985633cebdd9c95d37b6c3069e74eec1982b76da1583acc94abdfb
  • SSDEEP: 3072:SG4PrXcuQuvpzm4bkiaMQgAlSApJ0aP7qI0DaCppgRyLtGIhRB:8DRv1m4bnQgISCJ0aPkGIhRB

Score
10/10

Malware Config

Extracted

Language: ps1

Deobfuscated URLs (all of type exe.dropper):

  • http://departure.world/wp-content/V4GFFNihI/
  • http://songbadtv.com/wp-includes/XQrT027149/
  • https://planet7vip.com/czy/hR8MMWwRkY/
  • http://blog.tujanena.com/ariu/C2LSRbc8/
  • http://drsoli.com/k1vjzk/XtSsbRPzyI/

Targets


    Score
    10/10

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Drops file in System32 directory
