General

  • Target

    c7ffbdf9_by_Libranalysis

  • Size

    1.3MB

  • Sample

    210512-6knrrq33en

  • MD5

    c7ffbdf964230b9cd90af3261cb90e0d

  • SHA1

    3255159a1657316761bf98ecca96f091a4fbbcfe

  • SHA256

    9c6241b1ccd67ad4439be584bf286f2f37c247217ffb59ab7031867c517abed4

  • SHA512

    e852090e3440431b33efbd9ee9efa6e942c63b7b23625947d45ac71bb8e44428bab5bae669bba53c294250265b0be4db8cc79e433df4762bbd334ca35252db5f

Score
10/10

Malware Config

Targets

    • Target

      0a4315aced819ab564058480ffeeeb059756030d8c056605f2e0c6fc88b8b2f5.doc

    • Size

      1.5MB

    • MD5

      3272df3f79a0fa8c2ba601c4771b99e4

    • SHA1

      90237b6a9396828465224313f1e8d1fe32190b85

    • SHA256

      0a4315aced819ab564058480ffeeeb059756030d8c056605f2e0c6fc88b8b2f5

    • SHA512

      f937de508da39c0f2ee844a01bb8bb31e9f3b10ab1243a92be3239d2d18d53552759d20a498e4186a56422bda3824c994903cc228bd4bea1de4903f5c61d3827

    Score
    10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v6

Tasks