General

  • Target

    d0614e19_by_Libranalysis

  • Size

    61KB

  • Sample

    210510-kyvkb5jmfj

  • MD5

    d0614e199943e156673e8447427da8bb

  • SHA1

    10634145d91e1cf66a0607872b42c69052cbac2d

  • SHA256

    ee88bbff1c9833c77661b1b179225b74ae62dd3af4fc162e9a601a4a02e21e35

  • SHA512

    326da1dedd20f3261bcff99285925407507ab5306b5aa30514dc28b2bd959d2009318c3d3ec1bb4e3efbe69d7153d145e38c9296c24c80fe2fb337df2cbceef9

Score
10/10

Malware Config

Targets

    • Target

      1a505720c62f6fd4b97a2bc46229a73903fa80b973f9f6b948ba043025461d68.bin

    • Size

      79KB

    • MD5

      0c16ad7cfb1477322e1aaad1869cbd84

    • SHA1

      b668338a4295fcb7ec3dd8d33e9e802bc2d70e8b

    • SHA256

      1a505720c62f6fd4b97a2bc46229a73903fa80b973f9f6b948ba043025461d68

    • SHA512

      d98794b0a94c4e037ac388a9323e80503a66e8945650d1c84e8335b85c771d2c85f13cf2f439df627b77f04a9f2fd73c8f062d78858072dbfc8d5e33a388b750

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                       Count   ID
  Defense Evasion   Modify Registry                 1       T1112
  Discovery         System Information Discovery    3       T1082
  Discovery         Query Registry                  2       T1012

Tasks