General

  • Target

    custom_template.dotm

  • Size

    66KB

  • Sample

    200714-d6s6v79cqa

  • MD5

    0a222cc47b33e66646781732d40009a8

  • SHA1

    df6619f7ace034bd7109e4fddb48a71282152d1e

  • SHA256

    5766758c51c678d7f26a68947be2352ee091773239c4ffbbd62ed72cfbd8afdf

  • SHA512

    0e6a51083ac8ea8a51c9f87cd9e559d9deaffc1f1358678b0e9b83997615b7ee12ae856ccb006fca48250ebeacc545b25bd838891fc31da275194ec0497fad80

Score
10/10

Targets

    • Target

      custom_template.dotm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    • Loads dropped DLL
