36690bf953192eb205f486a364f788fd75aafa0e119bacb039f2503d4e81d0fa | Triage

Submit
Reports

Overview

overview

Static

static

8

KMbZKdhI.doc

windows7_x64

KMbZKdhI.doc

windows10_x64

Sharing

General

Target

KMbZKdhI.doc
Size

383KB
Sample

201212-lgm8kgsz7x
MD5

9bcd01e5e8544e3bd39c0594f5407136
SHA1

4b927038a6c86c14a2bbd0019a7b251b9097339f
SHA256

36690bf953192eb205f486a364f788fd75aafa0e119bacb039f2503d4e81d0fa
SHA512

65fa3b3969f05e3d5b95492a3e701f91f741561732679cbe6352eceb8fca759d5cb4c3b087f05afeb0c3bf68825cfb5c259c4e6b577eae059780748bbb85eff8

Score

10^/10

macro

Static task

static1

Behavioral task

behavioral1

Sample

KMbZKdhI.doc

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

KMbZKdhI.doc

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  KMbZKdhI.doc
- Size
  
  383KB
- MD5
  
  9bcd01e5e8544e3bd39c0594f5407136
- SHA1
  
  4b927038a6c86c14a2bbd0019a7b251b9097339f
- SHA256
  
  36690bf953192eb205f486a364f788fd75aafa0e119bacb039f2503d4e81d0fa
- SHA512
  
  65fa3b3969f05e3d5b95492a3e701f91f741561732679cbe6352eceb8fca759d5cb4c3b087f05afeb0c3bf68825cfb5c259c4e6b577eae059780748bbb85eff8
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy