d0a1b07edf45ba875c1e2923c92f374e2e65bd978b5e56ece588abd52add7105 | Triage

Submit
Reports

Overview

overview

Static

static

8

Order #30297.pps

windows7_x64

Order #30297.pps

windows10_x64

1

Sharing

General

Target

Order #30297.pps
Size

380KB
Sample

210226-2xak3md6b2
MD5

d243c062dfd6ddf2f1c30311a72414a7
SHA1

b437ca1859aa40d5c3faae79dac6d2128c766d9d
SHA256

d0a1b07edf45ba875c1e2923c92f374e2e65bd978b5e56ece588abd52add7105
SHA512

9896f01d755cc526bc7ad364ca1bcc4259d4be6a8cb7e754ba941459bbe3e6b51e0e94deef0d656b35c50f1332a67ec797d6326471cc5edc483e706a022296f3

Score

10^/10

macro persistence xlm

Static task

static1

Behavioral task

behavioral1

Sample

Order #30297.pps

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Order #30297.pps

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Order #30297.pps
- Size
  
  380KB
- MD5
  
  d243c062dfd6ddf2f1c30311a72414a7
- SHA1
  
  b437ca1859aa40d5c3faae79dac6d2128c766d9d
- SHA256
  
  d0a1b07edf45ba875c1e2923c92f374e2e65bd978b5e56ece588abd52add7105
- SHA512
  
  9896f01d755cc526bc7ad364ca1bcc4259d4be6a8cb7e754ba941459bbe3e6b51e0e94deef0d656b35c50f1332a67ec797d6326471cc5edc483e706a022296f3
Score

10^/10

persistence
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy