c5918c1c684c5dd20f039fb3442638a98d4e139936336d64b2accdeed7558390 | Triage

Submit
Reports

Overview

overview

Static

static

4_57826390...9.docx

windows7_x64

7

4_57826390...9.docx

windows10_x64

Sharing

General

Target

4_5782639054168262929.docx
Size

95KB
Sample

200711-78m2q6me4x
MD5

e51e433a767ef0598c96765c57fd2a58
SHA1

a26b73801943eb12d3cb103306c10b47fe66e432
SHA256

c5918c1c684c5dd20f039fb3442638a98d4e139936336d64b2accdeed7558390
SHA512

44443ea971ae5765ea3ae32517e6eba4c370ad0b50cdde5a7dffb28861c6abbb46b3909b051341972df70fce0a42b66c1d9d1a6f3d53bc8d1d64cc26fcdacb5f

Score

10^/10

evasion spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

4_5782639054168262929.docx

Resource

win7v200430

evasion spyware trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4_5782639054168262929.docx

Resource

win10

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  4_5782639054168262929.docx
- Size
  
  95KB
- MD5
  
  e51e433a767ef0598c96765c57fd2a58
- SHA1
  
  a26b73801943eb12d3cb103306c10b47fe66e432
- SHA256
  
  c5918c1c684c5dd20f039fb3442638a98d4e139936336d64b2accdeed7558390
- SHA512
  
  44443ea971ae5765ea3ae32517e6eba4c370ad0b50cdde5a7dffb28861c6abbb46b3909b051341972df70fce0a42b66c1d9d1a6f3d53bc8d1d64cc26fcdacb5f
Score

10^/10

evasion spyware trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Abuses OpenXML format to download file from external location
- Modifies system certificate store
  evasion spyware trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionspywaretrojan

behavioral2

© 2018-2024

Terms | Privacy