7ef18f7b96100c4dc8a648050ff5c5995b2ba175593ecbdde9a2c66ddb0a5efe | Triage

Submit
Reports

Overview

overview

Static

static

8

SecuriteIn...00.doc

windows7_x64

SecuriteIn...00.doc

windows10_x64

Sharing

General

Target

SecuriteInfo.com.Exploit.Siggen2.9920.3882.15200
Size

175KB
Sample

200801-svmwp1912a
MD5

0044ba776778e2f3ec800a96294ce8b3
SHA1

0a3c6df795a29e3eef7ddf0aa2bfa03daf401e6e
SHA256

7ef18f7b96100c4dc8a648050ff5c5995b2ba175593ecbdde9a2c66ddb0a5efe
SHA512

d7ff746f87d9d43b5e104bebe979585de4a96d292bf3dfb057e8cc1a06298373bd762f7c18759c9f2cfd93abddc573d03c5baf3c0c62632b73dc7c418a0e4ded

Score

10^/10

discovery macro

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Exploit.Siggen2.9920.3882.15200.doc

Resource

win7v200722

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Exploit.Siggen2.9920.3882.15200.doc

Resource

win10v200722

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://fastreadhotnews.com/assets/87nzy_l5_nsek/

exe.dropper

http://xycgsck.com/wp-admin/4ltp_6h_d6hcijri8/

exe.dropper

https://boulderinn.com/cgi-bin/710sj1hy96ynyfens7bm53a9h_7gpg2a_g1487pb/

exe.dropper

http://chcquimica.com.br/loja/qtbmmjrt14kd4ot_t9cfy83_g42n8ts6/

exe.dropper

http://gijsvanroij.nl/170101/cua5mnzjfcg8bi8esjju_ryiud_qjv2zcgixs/

Targets

- Target
  
  SecuriteInfo.com.Exploit.Siggen2.9920.3882.15200
- Size
  
  175KB
- MD5
  
  0044ba776778e2f3ec800a96294ce8b3
- SHA1
  
  0a3c6df795a29e3eef7ddf0aa2bfa03daf401e6e
- SHA256
  
  7ef18f7b96100c4dc8a648050ff5c5995b2ba175593ecbdde9a2c66ddb0a5efe
- SHA512
  
  d7ff746f87d9d43b5e104bebe979585de4a96d292bf3dfb057e8cc1a06298373bd762f7c18759c9f2cfd93abddc573d03c5baf3c0c62632b73dc7c418a0e4ded
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blacklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy