9681c0c07bdd630a1953d61e383038b057986a7a05c3f5f0f5d8370f3acd4515 | Triage

Sharing

General

Target

WyChVIlbg.zip
Size

76KB
Sample

241129-nkh7tsxpbk
MD5

5dca4a22385de244c7accc88282b9987
SHA1

7c8490e16d245ac7936d02bb5b5bd99f9077b362
SHA256

9681c0c07bdd630a1953d61e383038b057986a7a05c3f5f0f5d8370f3acd4515
SHA512

84c8ec4f8a843b5ab454148354522434096e1139e676d01f58bfcde290d7eefca000f84b1238d5de02967867254a22762c9c5f7f4a2c5548fb6e29e487ef5231
SSDEEP

1536:H6zQ03WEgJmSUOEmFc1porvFffmzQ03WEgJmSUOEmFc1porvFfN2W1:pWvgJhDqHoDWvgJhDqHoyy

Score

10^/10

dropper execution

Malware Config

Targets

- Target
  
  WyChVIlbg.zip
- Size
  
  76KB
- MD5
  
  5dca4a22385de244c7accc88282b9987
- SHA1
  
  7c8490e16d245ac7936d02bb5b5bd99f9077b362
- SHA256
  
  9681c0c07bdd630a1953d61e383038b057986a7a05c3f5f0f5d8370f3acd4515
- SHA512
  
  84c8ec4f8a843b5ab454148354522434096e1139e676d01f58bfcde290d7eefca000f84b1238d5de02967867254a22762c9c5f7f4a2c5548fb6e29e487ef5231
- SSDEEP
  
  1536:H6zQ03WEgJmSUOEmFc1porvFffmzQ03WEgJmSUOEmFc1porvFfN2W1:pWvgJhDqHoDWvgJhDqHoyy
Score

10^/10

dropper execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Download via BitsAdmin
  dropper
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

BITS Jobs

Privilege Escalation

Defense Evasion

BITS Jobs

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

dropperexecution