Overview

overview

10

Static

static

8

0a4315aced...f5.doc

windows7_x64

10

0a4315aced...f5.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0a4315aced819ab564058480ffeeeb059756030d8c056605f2e0c6fc88b8b2f5.doc.zip

  • Size

    1.3MB

  • Sample

    210512-81ehv1et9n

  • MD5

    c7ffbdf964230b9cd90af3261cb90e0d

  • SHA1

    3255159a1657316761bf98ecca96f091a4fbbcfe

  • SHA256

    9c6241b1ccd67ad4439be584bf286f2f37c247217ffb59ab7031867c517abed4

  • SHA512

    e852090e3440431b33efbd9ee9efa6e942c63b7b23625947d45ac71bb8e44428bab5bae669bba53c294250265b0be4db8cc79e433df4762bbd334ca35252db5f

Score
10/10
macromacro_on_action

Malware Config

Targets

    • Target

      0a4315aced819ab564058480ffeeeb059756030d8c056605f2e0c6fc88b8b2f5.doc

    • Size

      1.5MB

    • MD5

      3272df3f79a0fa8c2ba601c4771b99e4

    • SHA1

      90237b6a9396828465224313f1e8d1fe32190b85

    • SHA256

      0a4315aced819ab564058480ffeeeb059756030d8c056605f2e0c6fc88b8b2f5

    • SHA512

      f937de508da39c0f2ee844a01bb8bb31e9f3b10ab1243a92be3239d2d18d53552759d20a498e4186a56422bda3824c994903cc228bd4bea1de4903f5c61d3827

    Score
    10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks