General
-
Target
KMbZKdhI.doc
-
Size
383KB
-
Sample
201212-lgm8kgsz7x
-
MD5
9bcd01e5e8544e3bd39c0594f5407136
-
SHA1
4b927038a6c86c14a2bbd0019a7b251b9097339f
-
SHA256
36690bf953192eb205f486a364f788fd75aafa0e119bacb039f2503d4e81d0fa
-
SHA512
65fa3b3969f05e3d5b95492a3e701f91f741561732679cbe6352eceb8fca759d5cb4c3b087f05afeb0c3bf68825cfb5c259c4e6b577eae059780748bbb85eff8
Static task
static1
Behavioral task
behavioral1
Sample
KMbZKdhI.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
KMbZKdhI.doc
Resource
win10v20201028
Malware Config
Targets
-
-
Target
KMbZKdhI.doc
-
Size
383KB
-
MD5
9bcd01e5e8544e3bd39c0594f5407136
-
SHA1
4b927038a6c86c14a2bbd0019a7b251b9097339f
-
SHA256
36690bf953192eb205f486a364f788fd75aafa0e119bacb039f2503d4e81d0fa
-
SHA512
65fa3b3969f05e3d5b95492a3e701f91f741561732679cbe6352eceb8fca759d5cb4c3b087f05afeb0c3bf68825cfb5c259c4e6b577eae059780748bbb85eff8
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation