3c59ad7c4426e8396369f084c35a2bd3f0caa3ba1d1a91794153507210a77c90 | Triage

Submit
Reports

Overview

overview

Static

static

8

mal.doc

windows7_x64

mal.doc

windows10_x64

Resubmissions

13-01-2021 08:09

210113-m1cmwhx8ls 10

13-01-2021 08:05

210113-8e913ch4ex 10

Sharing

General

Target

mal.doc
Size

63KB
Sample

210113-m1cmwhx8ls
MD5

7b5f1c01980faf7801f16a761cb8d377
SHA1

ee47206c87482de1915b1e441a23a5b3473697e3
SHA256

3c59ad7c4426e8396369f084c35a2bd3f0caa3ba1d1a91794153507210a77c90
SHA512

26172fb0bbe1b3fc46fedd7a50eeba589134bb9feeb503271c52eec9ec973131b0cfd0a343232dd9f72552fe48dcd70244be416f80237cf9e5773766355e412a

Score

10^/10

macro

Static task

static1

Behavioral task

behavioral1

Sample

mal.doc

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

mal.doc

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  mal.doc
- Size
  
  63KB
- MD5
  
  7b5f1c01980faf7801f16a761cb8d377
- SHA1
  
  ee47206c87482de1915b1e441a23a5b3473697e3
- SHA256
  
  3c59ad7c4426e8396369f084c35a2bd3f0caa3ba1d1a91794153507210a77c90
- SHA512
  
  26172fb0bbe1b3fc46fedd7a50eeba589134bb9feeb503271c52eec9ec973131b0cfd0a343232dd9f72552fe48dcd70244be416f80237cf9e5773766355e412a
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy