General

  • Target

    0112_80556334.doc

  • Size

    733KB

  • Sample

    210112-fqpdp6gc5a

  • MD5

    f19210159bc8c2f4cae3dc7cd188aff2

  • SHA1

    15b1d8358e35998994795e747200a0c0ca39d889

  • SHA256

    51dd023b55be138ac7cfe7379a55c0a2a46c01cd3b3f96a151b0a27ed9e12485

  • SHA512

    2dea523fad7e6d772d708f39cb9356e59b9a1a7a687cefbcbfd4f68b40059638b0d9cdea2d1a71c48dbc5db78b4c3cde2e9e8fd1bd4823d26b6493cdd8218069

Score
10/10

Targets

    • Target

      0112_80556334.doc

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
