1ed65f0a0c90e54e57fd37a9abf4aecd383dbf79b62016bd4f59e092b3b24606 | Triage

Submit
Reports

Overview

overview

Static

static

8

instrument...21.doc

windows7_x64

instrument...21.doc

windows10_x64

Sharing

General

Target

instrument indenture-05.21.doc
Size

78KB
Sample

210510-wlgsc6p9nj
MD5

b8a5d644bbe659e619ac0dde076960d9
SHA1

77700989ee5b3ef04e0469a7a4d13c90b074f6aa
SHA256

1ed65f0a0c90e54e57fd37a9abf4aecd383dbf79b62016bd4f59e092b3b24606
SHA512

8ec672a25693772850ab5caeb3a1b0db7fb3b1cbdd24f368fb705b2810528d5a3ede9fff3e537541f4ef69a611599a28b804ff68ed5b8163b558e24654669429

Score

10^/10

macro

Static task

static1

Behavioral task

behavioral1

Sample

instrument indenture-05.21.doc

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

instrument indenture-05.21.doc

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  instrument indenture-05.21.doc
- Size
  
  78KB
- MD5
  
  b8a5d644bbe659e619ac0dde076960d9
- SHA1
  
  77700989ee5b3ef04e0469a7a4d13c90b074f6aa
- SHA256
  
  1ed65f0a0c90e54e57fd37a9abf4aecd383dbf79b62016bd4f59e092b3b24606
- SHA512
  
  8ec672a25693772850ab5caeb3a1b0db7fb3b1cbdd24f368fb705b2810528d5a3ede9fff3e537541f4ef69a611599a28b804ff68ed5b8163b558e24654669429
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy