Overview

overview

10

Static

static

0112_679538951.doc

windows7_x64

10

0112_679538951.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0112_679538951.doc

  • Size

    372KB

  • Sample

    210112-eaftvfdysn

  • MD5

    e3163d9a0638eb38b57d60a261c90fba

  • SHA1

    7f717a2af835a52fa56d30d38f0379a3edacc7bd

  • SHA256

    22043734ed3f774db7a88297286f6ecd56336d755cc19f1bd54f2a2ac58982cd

  • SHA512

    a39b7ac2be33645357ca2d4bb28915788b186ac44e9dd82938d481f8e6f5e17883bd034137ef9c5e2956ae1eb88d677b37d7c6c83efb8330bcff9ba4655258d6

Score
10/10

Malware Config

Targets

    • Target

      0112_679538951.doc

    • Size

      372KB

    • MD5

      e3163d9a0638eb38b57d60a261c90fba

    • SHA1

      7f717a2af835a52fa56d30d38f0379a3edacc7bd

    • SHA256

      22043734ed3f774db7a88297286f6ecd56336d755cc19f1bd54f2a2ac58982cd

    • SHA512

      a39b7ac2be33645357ca2d4bb28915788b186ac44e9dd82938d481f8e6f5e17883bd034137ef9c5e2956ae1eb88d677b37d7c6c83efb8330bcff9ba4655258d6

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks