Overview

overview

10

Static

static

1

33e3844418...4d.doc

windows7-x64

10

33e3844418...4d.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    33e3844418c24c485809c1e88aeec5edeb61c951dc15fd342b747920d564574d

  • Size

    184KB

  • Sample

    241121-ak7crs1maj

  • MD5

    b7b7816ab8e441be97cc8d0d012488cd

  • SHA1

    edafaaa99a8d966b677f3bd5c547ab9121674f31

  • SHA256

    33e3844418c24c485809c1e88aeec5edeb61c951dc15fd342b747920d564574d

  • SHA512

    1816135352322f8e646afcc15f4c7259aa10747d3ee5baca3bb68b1330a664f4db6d8e32c13ea34f769b856a61ef35580dca6d984efe0f16087a089c006779e9

  • SSDEEP

    3072:Wx2y/GdynktGDWLS0HZWD5w8K7Nk9uD7IBUnUasgt+PpkkrbfzHQfzZExXMHIwtn:Wx2k43tGiL3HJk9uD7bnUasFPpkkrbfs

Score
10/10
discoveryexecution

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://amstaffrecords.com/individualApi/0/
exe.dropper

http://foozoop.com/wp-content/Qxi7iVD/
exe.dropper

http://7arasport.com/validatefield/gj/
exe.dropper

http://dev2.ektonendon.gr/cgi-bin/mTTCFmVe/
exe.dropper

https://diagnostica-products.com/wp-admin/hio2u7w/

Targets

    • Target

      33e3844418c24c485809c1e88aeec5edeb61c951dc15fd342b747920d564574d

    • Size

      184KB

    • MD5

      b7b7816ab8e441be97cc8d0d012488cd

    • SHA1

      edafaaa99a8d966b677f3bd5c547ab9121674f31

    • SHA256

      33e3844418c24c485809c1e88aeec5edeb61c951dc15fd342b747920d564574d

    • SHA512

      1816135352322f8e646afcc15f4c7259aa10747d3ee5baca3bb68b1330a664f4db6d8e32c13ea34f769b856a61ef35580dca6d984efe0f16087a089c006779e9

    • SSDEEP

      3072:Wx2y/GdynktGDWLS0HZWD5w8K7Nk9uD7IBUnUasgt+PpkkrbfzHQfzZExXMHIwtn:Wx2k43tGiL3HJk9uD7bnUasFPpkkrbfs

    Score
    10/10
    discoveryexecution

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks