Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

0112_3896101931.doc
Size

369KB
Sample

210112-jcnkz4wmw6
MD5

458a852da334535062f37384f3af4ff8
SHA1

e22096169278426d4d5c049782a9b6469813cd3b
SHA256

99b98b8c7033456ba7840ad99c65347a8026aee62bccbbac6d22ca4b0f5dfa1e
SHA512

ae5dc310abac0d28d10fda06488e3636fb3b88bf56dc5a2cd6b3421c05e3a239e8000baaba73dd5e2c661e165cd9e1e14c476842a2db4073f223873e4bc03a02

Score

10^/10

Malware Config

Targets

- Target
  
  0112_3896101931.doc
- Size
  
  369KB
- MD5
  
  458a852da334535062f37384f3af4ff8
- SHA1
  
  e22096169278426d4d5c049782a9b6469813cd3b
- SHA256
  
  99b98b8c7033456ba7840ad99c65347a8026aee62bccbbac6d22ca4b0f5dfa1e
- SHA512
  
  ae5dc310abac0d28d10fda06488e3636fb3b88bf56dc5a2cd6b3421c05e3a239e8000baaba73dd5e2c661e165cd9e1e14c476842a2db4073f223873e4bc03a02
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

behavioral2