dc40e48d2eb0e57cd16b1792bdccc185440f632783c7bcc87c955e1d4e88fc95 | Triage

Submit
Reports

Overview

overview

Static

static

8

galadriel

windows7_x64

Resubmissions

14-01-2021 11:54

210114-7xa6tfh59x 10

14-01-2021 11:48

210114-q634htvf9a 10

14-01-2021 01:32

210114-d1g1zn1d22 8

Sharing

General

Target

sample1.bin
Size

830KB
Sample

210114-7xa6tfh59x
MD5

7dbd8ecfada1d39a81a58c9468b91039
SHA1

0d21e2742204d1f98f6fcabe0544570fd6857dd3
SHA256

dc40e48d2eb0e57cd16b1792bdccc185440f632783c7bcc87c955e1d4e88fc95
SHA512

a851ac80b43ebdb8e990c2eb3daabb456516fc40bb43c9f76d0112674dbd6264efce881520744f0502f2962fc0bb4024e7d73ea66d56bc87c0cc6dfde2ab869a

Score

10^/10

macro macro_on_action

Static task

static1

macro macro_on_action

Behavioral task

behavioral1

Sample

sample1.bin.doc

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  sample1.bin
- Size
  
  830KB
- MD5
  
  7dbd8ecfada1d39a81a58c9468b91039
- SHA1
  
  0d21e2742204d1f98f6fcabe0544570fd6857dd3
- SHA256
  
  dc40e48d2eb0e57cd16b1792bdccc185440f632783c7bcc87c955e1d4e88fc95
- SHA512
  
  a851ac80b43ebdb8e990c2eb3daabb456516fc40bb43c9f76d0112674dbd6264efce881520744f0502f2962fc0bb4024e7d73ea66d56bc87c0cc6dfde2ab869a
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

macromacro_on_action

behavioral1

© 2018-2024

Terms | Privacy