General

  • Target

    legal paper_07.28.2020.doc

  • Size

    109KB

  • Sample

    200728-errcp5w1je

  • MD5

    27e1c0980b1737357b041154ac43acd2

  • SHA1

    686b652ec115e4ff259928b9b66cdbd4aaac7ce9

  • SHA256

    8d75e83e570e8faba7bfaf17b7d836d35681cd45e0bcf5366e29381fefb04dc1

  • SHA512

    f222fdf92eba821de1a8d6e809bc4846b5738b3195d7256f2214aaa3e479536804720befb8878318bc0462276b704a2f73a8b1a39aa1f4eb6c9e1dabcfe85195

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • An obfuscated cmd.exe command-line is typically used to evade detection.

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Install Root Certificate (T1130): 1

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 3

  • System Information Discovery (T1082): 2

Tasks