General

  • Target

    0112_153569242.doc

  • Size

    735KB

  • Sample

    210112-6v26snkzge

  • MD5

    e16bb7d07d3edae43d278bf40c39f410

  • SHA1

    29f9b366b9c92c9c621fbeba372ae6c6a4723fa4

  • SHA256

    d6755718c70e20345c85d18c5411b67c99da5b2f8740d63221038c1d35ccc0b8

  • SHA512

    547229c4990a3b0162cd6cef216e923da514611a103f1798d7f7381b13e47f8d0e6c8e401902c4ba8805e89ca7198919a1294fe61257d33161612cfefbc95088

Score
10/10

Malware Config

Targets

    • Target

      0112_153569242.doc

    • Size

      735KB

    • MD5

      e16bb7d07d3edae43d278bf40c39f410

    • SHA1

      29f9b366b9c92c9c621fbeba372ae6c6a4723fa4

    • SHA256

      d6755718c70e20345c85d18c5411b67c99da5b2f8740d63221038c1d35ccc0b8

    • SHA512

      547229c4990a3b0162cd6cef216e923da514611a103f1798d7f7381b13e47f8d0e6c8e401902c4ba8805e89ca7198919a1294fe61257d33161612cfefbc95088

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro; for a document opened in Word, a child such as a shell or script host is a strong sign of macro or exploit-driven code execution.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP. On its own this is only a supporting indicator, since some benign software does the same; it is significant here because it comes from the process chain spawned by the document.
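The three behavioural signatures above (an Office process spawning an unexpected child, that child's process chain making network requests, and a request to a public IP lookup service) can be re-created over process and network telemetry. The following is an added example, not the sandbox's own detection code: it parses a small set of constructed key=value events (not the sample's recorded behaviour), and the lists of Office hosts, benign Office children and IP lookup services are assumptions to be tuned per environment.

```python
"""Re-create three behavioural signatures from a sandbox report over
constructed process-creation and network events (added example)."""
import re

# Office hosts whose children deserve scrutiny (assumed list).
OFFICE_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Children Office spawns legitimately, e.g. the print helper (assumed list).
BENIGN_OFFICE_CHILDREN = {"splwow64.exe"}
# Well-known public "what is my IP" services (assumed list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com",
                   "checkip.amazonaws.com", "ifconfig.me"}

# Constructed telemetry, NOT the sample's recorded behaviour. PROC lines are
# process creations, NET lines are outbound connections by pid.
SAMPLE_EVENTS = r"""
PROC ts=1 pid=100 ppid=1   image=explorer.exe
PROC ts=2 pid=200 ppid=100 image=WINWORD.EXE cmd="WINWORD.EXE /n 0112_153569242.doc"
PROC ts=3 pid=210 ppid=200 image=splwow64.exe
PROC ts=4 pid=300 ppid=200 image=cmd.exe cmd="cmd /c rundll32 C:\Users\Public\stage.dll,Run"
PROC ts=5 pid=400 ppid=300 image=rundll32.exe cmd="rundll32 C:\Users\Public\stage.dll,Run"
NET  ts=6 pid=400 host=api.ipify.org port=443
NET  ts=7 pid=400 host=203.0.113.10 port=80
NET  ts=8 pid=100 host=203.0.113.20 port=443
"""

_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_events(text):
    """Turn the key=value lines into dicts; pid/ppid/port become ints."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, _, rest = line.partition(" ")
        fields = {k: (quoted or bare) for k, quoted, bare in _KV.findall(rest)}
        fields["kind"] = kind
        for key in ("pid", "ppid", "port"):
            if key in fields:
                fields[key] = int(fields[key])
        events.append(fields)
    return events


def process_table(events):
    """pid -> process record, for walking parent chains."""
    return {e["pid"]: e for e in events if e["kind"] == "PROC"}


def lineage(procs, pid):
    """The pid itself followed by its ancestors, stopping at unknown pids or cycles."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(pid)
        pid = procs[pid]["ppid"]
    return chain


def find_unexpected_children(procs):
    """Signature 1: an Office host spawned a child outside the benign list."""
    hits = []
    for p in procs.values():
        parent = procs.get(p["ppid"])
        if (parent and parent["image"].lower() in OFFICE_HOSTS
                and p["image"].lower() not in BENIGN_OFFICE_CHILDREN):
            hits.append((parent["image"], p["image"], p["pid"]))
    return hits


def analyze(text):
    """Run all three signatures and return their hits keyed by signature name."""
    events = parse_events(text)
    procs = process_table(events)
    unexpected = find_unexpected_children(procs)
    suspicious_pids = {pid for _, _, pid in unexpected}

    network_from_spawned, ip_lookups = [], []
    for e in events:
        if e["kind"] != "NET":
            continue
        image = procs.get(e["pid"], {}).get("image", "?")
        # Signature 2: any process descended from an unexpected child talks out.
        if suspicious_pids & set(lineage(procs, e["pid"])):
            network_from_spawned.append((image, e["host"]))
        # Signature 3: external IP discovery via a public lookup service.
        if e["host"].lower() in IP_LOOKUP_HOSTS:
            ip_lookups.append((image, e["host"]))

    return {"unexpected_child": unexpected,
            "network_from_spawned": network_from_spawned,
            "external_ip_lookup": ip_lookups}


if __name__ == "__main__":
    for name, hits in analyze(SAMPLE_EVENTS).items():
        print(name, hits)
```

Walking the full parent chain, rather than checking only the direct child, is what ties the later network activity back to the document: the connections come from rundll32.exe, whose parent cmd.exe is the process Word should never have spawned. The explorer.exe connection on pid 100 is correctly ignored because nothing in its lineage is suspicious.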

MITRE ATT&CK Enterprise v6

Tasks