Resubmissions

  • 10-05-2021 16:09  210510-xlvqhs6j76  10

  • 10-05-2021 15:27  210510-ydc6x3dhja  10

General

  • Target

    document.docm

  • Size

    68KB

  • Sample

    210510-xlvqhs6j76

  • MD5

    da3992522a61736e5dbc5c32978f05fe

  • SHA1

    670f0d608571fa8d799a98232cf2c16e8ccb9289

  • SHA256

    e6afaabd1e4a2c7adeedca6ee0ed095271a53a293162e3cf7ed52d570279258e

  • SHA512

    a2c3eee48add8eabf4fbe86a9e699fda302c143823f6ea3a629becf03d3d539aacfeabce52514e4b73e0db6d827031aec13e576a113f0aec92d0f7eb92f1c32a

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 3

    Peripheral Device Discovery (T1120): 1

    System Information Discovery (T1082): 4
