Overview

overview

10

Static

static

0112_286068331.doc

windows7_x64

10

0112_286068331.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0112_286068331.doc

  • Size

    369KB

  • Sample

    210112-568ncqenpe

  • MD5

    90bc76c00a54ec40a5c02680c4ac0adc

  • SHA1

    fd2a43d3e36adbfd2f6d4eb7aa30ff29e7f1ebb8

  • SHA256

    56f1795abf78f798a51b9224a5deb17aedd924629136832b526c93339f525e56

  • SHA512

    455f016727495e7438ea532e9fe25e2508876443ba27193c3b2fe8d2029b061bd8c0ab623a8806496cd65fa1b233a5662372c4a3baf4836a6edc7de1626c69f5

Score
10/10

Malware Config

Targets

    • Target

      0112_286068331.doc

    • Size

      369KB

    • MD5

      90bc76c00a54ec40a5c02680c4ac0adc

    • SHA1

      fd2a43d3e36adbfd2f6d4eb7aa30ff29e7f1ebb8

    • SHA256

      56f1795abf78f798a51b9224a5deb17aedd924629136832b526c93339f525e56

    • SHA512

      455f016727495e7438ea532e9fe25e2508876443ba27193c3b2fe8d2029b061bd8c0ab623a8806496cd65fa1b233a5662372c4a3baf4836a6edc7de1626c69f5

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Discovery

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Persistence

                    Privilege Escalation

                      Tasks