a54fe8044d12684b941ada860b515252623e9ddc1ae880ad370320fc0c2d5947 | Triage

Sharing

General

Target

DOC-49B8OP200.msi
Size

1015KB
Sample

210113-s1va3qpmte
MD5

472a5b55e3ffd9c7e3f3b355bf7cae40
SHA1

cf26c9f79529c897cd76fec9270d4ead9c235aa1
SHA256

a54fe8044d12684b941ada860b515252623e9ddc1ae880ad370320fc0c2d5947
SHA512

e7ce58cce7c899afde04f1f47cd78283edcb876d5bbb70c2dd9b03df9be6bc14abec3066968e5d4e8ceefe656ebf99cd04ab0da61be8a33ecc4ef06bda2b9a5f

Score

8^/10

Malware Config

Targets

- Target
  
  DOC-49B8OP200.msi
- Size
  
  1015KB
- MD5
  
  472a5b55e3ffd9c7e3f3b355bf7cae40
- SHA1
  
  cf26c9f79529c897cd76fec9270d4ead9c235aa1
- SHA256
  
  a54fe8044d12684b941ada860b515252623e9ddc1ae880ad370320fc0c2d5947
- SHA512
  
  e7ce58cce7c899afde04f1f47cd78283edcb876d5bbb70c2dd9b03df9be6bc14abec3066968e5d4e8ceefe656ebf99cd04ab0da61be8a33ecc4ef06bda2b9a5f
Score

8^/10
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2