Overview

overview

10

Static

static

8

cb1ae1de_b...is.doc

windows7_x64

10

cb1ae1de_b...is.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cb1ae1de_by_Libranalysis

  • Size

    1.4MB

  • Sample

    210505-e6xpxj58re

  • MD5

    cb1ae1de9487edd65c2201f1f4a36e3c

  • SHA1

    80cb89663d148dd302301e9f66b37d1c3de91a59

  • SHA256

    e6dff9a5f74fff3a95e2dcb48b81b05af5cf5be73823d56c10eee80c8f17c845

  • SHA512

    0b08cfac486dc87256ddbe467bc185ba96e71b3a6865a9fe1ad3390290166e528147e705267f02a8903dce28da3f99674c3d24d4d628d1ff5db7a9656f080fe6

Score
10/10
macromacro_on_action

Malware Config

Targets

    • Target

      cb1ae1de_by_Libranalysis

    • Size

      1.4MB

    • MD5

      cb1ae1de9487edd65c2201f1f4a36e3c

    • SHA1

      80cb89663d148dd302301e9f66b37d1c3de91a59

    • SHA256

      e6dff9a5f74fff3a95e2dcb48b81b05af5cf5be73823d56c10eee80c8f17c845

    • SHA512

      0b08cfac486dc87256ddbe467bc185ba96e71b3a6865a9fe1ad3390290166e528147e705267f02a8903dce28da3f99674c3d24d4d628d1ff5db7a9656f080fe6

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks