General

  • Target

    d286ca2b78e0ae4b035d47f12bcc5716

  • Size

    151KB

  • Sample

    250327-yenkgaxsgx

  • MD5

    d286ca2b78e0ae4b035d47f12bcc5716

  • SHA1

    a37c1586a48d4cffd2af18896828764c67096d88

  • SHA256

    b3696d2a2ca5cc82245002bd3c628cec835147e32691b99820f340f5a3ed7212

  • SHA512

    4e05626ac12373f0f37d66277cc7840e6c187210fe4fa5a87ceb463d63c999822108e93d71690ee9ad833a281323722c981c0c79061d5b3c742b96776b73be79

  • SSDEEP

    3072:XcKoSsxzNDZLDZjlbR868O8KlVH3yehvMqAPjxO5xyZUE5V5xtezEVg8/dgL4Lcq:XcKoSsxzNDZLDZjlbR868O8KlVH3yehk

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (type: exe.dropper)

    https://store.uxdsummit.com/wp-admin/VfgBSQa7Z/
    https://glowrentals.com/wp-admin/f1zeAKGTnS6I/
    http://candisee.bminteractivegroup.com/1g94ngo/2n7lJoPuPDEanPcX/
    http://bachilleratoporciclos.org/wp-content/zR/
    http://formula8020.com/css/JCuR6OE404DgR/
    http://lucasandbarbiehodges.net/wp-content/nbKbVJ8E55V2I/
    https://www.monet.kiev.ua/css/KvkD194/
    http://royalsnackmyanmar.com/wp-includes/Z4E3Vtp8k4Z/
    https://theclubgym.in/wp-includes/jnTMKV3pHa9a/
    https://ssf2.edelta.in/Themes/7hGzIAH5BYf9fFLK/
    https://subs.video/netreginstall/7LKhp4JjAyQ0mc/
    http://homedekornaturalcraft.com/ymu/fGsFT7j/
    http://gosporthistoryclub.org.uk/wp-content/vOixo/
    http://stimulusbrand.com/5qAhX5nC-content/1/
    https://readyplans.in/wp-content/UtiS4IPBYSIiaPzCCe/
    http://pgegroups.com/ism.pgegroups.com/HTv8/
    http://asaanweb.com/PHPMailer-master/1MYGpHszzRfHAN4/

Targets

    • Target

      d286ca2b78e0ae4b035d47f12bcc5716

    • Size

      151KB

    • MD5

      d286ca2b78e0ae4b035d47f12bcc5716

    • SHA1

      a37c1586a48d4cffd2af18896828764c67096d88

    • SHA256

      b3696d2a2ca5cc82245002bd3c628cec835147e32691b99820f340f5a3ed7212

    • SHA512

      4e05626ac12373f0f37d66277cc7840e6c187210fe4fa5a87ceb463d63c999822108e93d71690ee9ad833a281323722c981c0c79061d5b3c742b96776b73be79

    • SSDEEP

      3072:XcKoSsxzNDZLDZjlbR868O8KlVH3yehvMqAPjxO5xyZUE5V5xtezEVg8/dgL4Lcq:XcKoSsxzNDZLDZjlbR868O8KlVH3yehk

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Enterprise v15

Tasks