12bcb54f26499cb93b213e37687b742476cacf1c45935115596f041186394b91 | Triage

Submit
Reports

Overview

overview

Static

static

12bcb54f26...91.exe

windows7_x64

12bcb54f26...91.exe

windows10_x64

Sharing

General

Target

12bcb54f26499cb93b213e37687b742476cacf1c45935115596f041186394b91
Size

1.3MB
Sample

201108-qe331e7p1j
MD5

99ad17d0fe60a5c648422b899f4d8e8c
SHA1

f8b2e57c25192f5fd40afc07c9b8515526067054
SHA256

12bcb54f26499cb93b213e37687b742476cacf1c45935115596f041186394b91
SHA512

804dff291b60631b6d5bec2a92b23a4675e5bb08a0b1a789b7096471e8b32d35c6d02ba8f62eba2d5bd68dc05ca163601f0cdf7d55b3d94c649c706ecd081c2e

Score

10^/10

discovery macro persistence

Static task

static1

Behavioral task

behavioral1

Sample

12bcb54f26499cb93b213e37687b742476cacf1c45935115596f041186394b91.exe

Resource

win7v20201028

discovery macro persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

12bcb54f26499cb93b213e37687b742476cacf1c45935115596f041186394b91.exe

Resource

win10v20201028

discovery macro persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  12bcb54f26499cb93b213e37687b742476cacf1c45935115596f041186394b91
- Size
  
  1.3MB
- MD5
  
  99ad17d0fe60a5c648422b899f4d8e8c
- SHA1
  
  f8b2e57c25192f5fd40afc07c9b8515526067054
- SHA256
  
  12bcb54f26499cb93b213e37687b742476cacf1c45935115596f041186394b91
- SHA512
  
  804dff291b60631b6d5bec2a92b23a4675e5bb08a0b1a789b7096471e8b32d35c6d02ba8f62eba2d5bd68dc05ca163601f0cdf7d55b3d94c649c706ecd081c2e
Score

10^/10

discovery macro persistence
- Registers COM server for autorun
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- JavaScript code in executable
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverymacropersistence

behavioral2

discoverymacropersistence

© 2018-2024

Terms | Privacy