General

  • Target

    0112_37832604.doc

  • Size

    735KB

  • Sample

    210112-1erk869rwe

  • MD5

    41b0f11eceaf9c2edf412e2562b7292a

  • SHA1

    194e84aa15365ecb82c83b6fab156f743a106b42

  • SHA256

    b1502cdbb5aeee57d0a5d38945c64855ba35c25d43a71bd72c3cf31665e5aa62

  • SHA512

    ddf30d9f4876f9ea3920377a21e0fba80646ad35ef189bbf41695c01166dacc41e221622c83d376939087f03f155c3c835f5a5b371481767f9cefb6c6fecac73

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
