General

  • Target

    AWB_77056202006065.xlsm.zip

  • Size

    73KB

  • Sample

    200707-hwvrtrkzex

  • MD5

    eb5db77b844e8934196c84121bdbb2fa

  • SHA1

    823ebee3821d9742dda281379b951d6bd1675c30

  • SHA256

    d9a66ba025d4df0449454d6cb051a136b125a885ef53304372669b2e764f6f4b

  • SHA512

    2d5e32327026d7108ab07a9296037940847e3977c82f3a5b4a5738ee7d69aa9987ef025ed9ef4422b82b1057ad59121fa7876b04d489e7ce35b4826413d3b7a4

Score
10/10

Targets

    • Target

      AWB_77056202006065.xlsm

    • Size

      76KB

    • MD5

      bda0c09e7b5bc942276961a4a2aee6f8

    • SHA1

      d95fa65c6fff05ca8ddd77ae0744dcdaf28eded5

    • SHA256

      acf7252ecfbf6eddbc5464ea769f3455bf17a9b0a2dc61abf1a7e8b0ffa7b5ee

    • SHA512

      9a835d376be4bbe7d0fc817cb40567107b55f554fa647e10c627e681642e65604f87c0d8ee336092fe677f04fd5dc50d8c66c4c8682af570772ec6ddd8698847

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    • Modifies system certificate store

    • Drops file in System32 directory
