Overview

overview

10

Static

static

8

order.05.21.doc

windows7_x64

10

order.05.21.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    order.05.21.doc

  • Size

    79KB

  • Sample

    210507-a57k8ntymj

  • MD5

    cbdad0f6accf946029dedfb004713cb7

  • SHA1

    4bba153689f6524004bc99c3b71810125deedbdf

  • SHA256

    db9b93ed6789f9d8c87674fa472bab1f610d3b08afaadf9c8168bad38ca3bdc7

  • SHA512

    0f694a4ffbf35a72c1202c3c1c5d1a6e0d9330651b9c34940e42df772e0a86b589fc566f98367644b122748f7ae6303aec7193e55c358de00c9edd516806b05c

Score
10/10
macro

Malware Config

Targets

    • Target

      order.05.21.doc

    • Size

      79KB

    • MD5

      cbdad0f6accf946029dedfb004713cb7

    • SHA1

      4bba153689f6524004bc99c3b71810125deedbdf

    • SHA256

      db9b93ed6789f9d8c87674fa472bab1f610d3b08afaadf9c8168bad38ca3bdc7

    • SHA512

      0f694a4ffbf35a72c1202c3c1c5d1a6e0d9330651b9c34940e42df772e0a86b589fc566f98367644b122748f7ae6303aec7193e55c358de00c9edd516806b05c

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks