11fc6451a6357f7367e8c1d4c2ae535940e1181502c2b5188c1df6f5f903480d | Triage

Submit
Reports

Overview

overview

Static

static

8

instruct_05.21.doc

windows7_x64

instruct_05.21.doc

windows10_x64

Sharing

General

Target

request.zip
Size

71KB
Sample

210510-jt15bk75z2
MD5

31ee02113c9b1a48c692de7cf1dbef48
SHA1

0e94baa017d7213a4523f6721580a58f01f5ab51
SHA256

11fc6451a6357f7367e8c1d4c2ae535940e1181502c2b5188c1df6f5f903480d
SHA512

7dbdb7595aec51a2824c937f44ada933ff6e4033d0f1eec58c322c85494b8be53fe904655c6fd7044e90fa95a707a2807a0806ae64134c8f8aa16f86e315161d

Score

10^/10

macro

Static task

static1

Behavioral task

behavioral1

Sample

instruct_05.21.doc

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

instruct_05.21.doc

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  instruct_05.21.doc
- Size
  
  78KB
- MD5
  
  5eb8c721056734d05ffe0e63b69cdcad
- SHA1
  
  d6e4d88641da3f8288f05b22df0605c70ad6526e
- SHA256
  
  7ceb6f0c9e30c3a867010d2fdab80a0f1ee36e26e16f4a34bc0a9b5578411128
- SHA512
  
  67c2961190b14ff29612cc28f120dcdac9188fa66decb02bfc6c63efd22bfc85c63219d7e91be5ed9aaf2d3323634ccd9df5098ff5701982115d745f757e1043
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy