General

  • Target

    ba79b7f9d4cbb86ebe45caa23530d6e69c190076bb340180a2dcd54fee2f7674

  • Size

    177KB

  • Sample

    241121-azdc8sxjbx

  • MD5

    df082fcf46023be3a68aad02c8024b14

  • SHA1

    f4267d3d8f6442cd414fa4e5e6c31380283df8d4

  • SHA256

    ba79b7f9d4cbb86ebe45caa23530d6e69c190076bb340180a2dcd54fee2f7674

  • SHA512

    265ffec4e7d667ef3c6215f58d54d12d24e63323551f8dbbad1cdead0465756c0c81f4e9c6f6117ebd73d15d8fd411877777f649806f8804d1d775d3e22b70a3

  • SSDEEP

    3072:ZT2y/GdynktGDWLS0HZWD5w8K7Nk96D7IBUqZB0zstySfNllXe:ZT2k43tGiL3HJk96D7bc0z0rllX

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (exe.dropper)

    http://www.yadegarebastan.com/wp-content/mhear/

    http://bikerzonebd.com/wp-admin/89gw/

    http://shptoys.com/_old/bvGej/

    http://www.vestalicom.com/facturation/qgm0t/

    http://www.aliounendiaye.com/wp-content/f3hs6j/

Targets

    • Target

      ba79b7f9d4cbb86ebe45caa23530d6e69c190076bb340180a2dcd54fee2f7674

    • Size

      177KB

    • MD5

      df082fcf46023be3a68aad02c8024b14

    • SHA1

      f4267d3d8f6442cd414fa4e5e6c31380283df8d4

    • SHA256

      ba79b7f9d4cbb86ebe45caa23530d6e69c190076bb340180a2dcd54fee2f7674

    • SHA512

      265ffec4e7d667ef3c6215f58d54d12d24e63323551f8dbbad1cdead0465756c0c81f4e9c6f6117ebd73d15d8fd411877777f649806f8804d1d775d3e22b70a3

    • SSDEEP

      3072:ZT2y/GdynktGDWLS0HZWD5w8K7Nk96D7IBUqZB0zstySfNllXe:ZT2k43tGiL3HJk96D7bc0z0rllX

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks