Overview

overview

10

Static

static

8

Users/vald...21.doc

windows7_x64

10

Users/vald...21.doc

windows10_x64

10

Resubmissions

06-05-2021 11:48

210506-t228k9s662 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    40fffcb2-bbca-4c3c-8a47-c8a46d08b67b.zip

  • Size

    62KB

  • Sample

    210506-t228k9s662

  • MD5

    54e50aee6df5255cce56434f3df1fd3f

  • SHA1

    fbae62455abd1f5290c16e0c084f5f9080a3dc73

  • SHA256

    a8fa2bc68cf2b47965315c68bcde06cd09c139e4c8bd61efec7c0a533202308e

  • SHA512

    33e7a4afe57f4585465ae3d489677f6db73494b72924de7ca3929e0a4395a5f9c2b8cae7258845491a5a331df70fba8da228b602b6bbbfe506aa69866dee80af

Score
10/10
macro

Malware Config

Targets

    • Target

      Users/valdershof/AppData/Local/Temp/1/Temp1_request (2).zip/statistics.05.05.21.doc

    • Size

      79KB

    • MD5

      5b1f0547ccf84dcbff593f7c8f5942d8

    • SHA1

      3e5a4257f797363211724a83b40b42c84396bf47

    • SHA256

      643ead4ad454664576dd55236b4d924a91294d155315ec8860af96a6157263d4

    • SHA512

      a149e6d4bf6093b3af4fffc14824335a72cff53cea28d27a103f98a450439768ab29f0a532a512364e5b5b726fccb2bc051aaebb145b5ca05680c01c088c7ab6

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks