Overview

overview

10

Static

static

d8fc308f94...66.doc

windows7_x64

10

d8fc308f94...66.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d8fc308f94016f51cafa022193fbfe26778451b981c413f8f73206730599b466

  • Size

    147KB

  • Sample

    200709-xdv6tvv7g6

  • MD5

    70812f69666fb0a7a305038253920457

  • SHA1

    f4c3e9dec1d2cd4e5d4de9ca39265c784894e836

  • SHA256

    d8fc308f94016f51cafa022193fbfe26778451b981c413f8f73206730599b466

  • SHA512

    8b64c034762008d800fe874968bf3bd3ee9e928e8c850834cdfb342f53d81a8d3acd80a29c3d009fa4fc308a89512ed3dc61ac3ef127f5897f59c2c83a8e41b4

Score
10/10

Malware Config

Targets

    • Target

      d8fc308f94016f51cafa022193fbfe26778451b981c413f8f73206730599b466

    • Size

      147KB

    • MD5

      70812f69666fb0a7a305038253920457

    • SHA1

      f4c3e9dec1d2cd4e5d4de9ca39265c784894e836

    • SHA256

      d8fc308f94016f51cafa022193fbfe26778451b981c413f8f73206730599b466

    • SHA512

      8b64c034762008d800fe874968bf3bd3ee9e928e8c850834cdfb342f53d81a8d3acd80a29c3d009fa4fc308a89512ed3dc61ac3ef127f5897f59c2c83a8e41b4

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks