General

  • Target: 5b00c5f6e1b192858bf64564ebfd60bcce35442ce78fc0100f1cbac04bc57fca
  • Size: 144KB
  • Sample: 241121-asbk3awqf1
  • MD5: 0fbc6c107087ed9cd9e3fe4ee3ca0546
  • SHA1: 38a3275b96c5ad0e6062580eac6ac16ba173785a
  • SHA256: 5b00c5f6e1b192858bf64564ebfd60bcce35442ce78fc0100f1cbac04bc57fca
  • SHA512: a2da6df30aaa0c3dd846ddc65827f6d3ca9e6d23b7b10e41cf2b53ce99f96636187da3ac6796030be810608b34b93c995c8e9d919d8d0e5f2fde3b3764d15c08
  • SSDEEP: 3072:E7cKoSsxzNDZLDZjlbR868O8K0c03D38TehYTdeHVhjqabWHLtyeGx6Z84TIfGxX:2cKoSsxzNDZLDZjlbR868O8K0c03D387

Score: 10/10

Malware Config

Extracted

Language: ps1
Deobfuscated
URLs

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks