General

  • Target

    7abe6d89_by_Libranalysis

  • Size

    68KB

  • Sample

    210512-aqc461bzp2

  • MD5

    7abe6d890f58d5a0b421edb2d4eed932

  • SHA1

    a9c31dbfd581bcbb7236c828c6cc9dac13dbc6be

  • SHA256

    02e62eeb73ac0c0fa55cc203fbee23420a848cf991106eca3f75e8863a0cb4e5

  • SHA512

    488a7397cf9644c42a8b5a831f4a0e3a2ad99fc4cb7fe4d617ee8bd4085459f54a34be868c752c57375bba10e6dfa9ac5f7424aa0bb233943c1cb48f5d95bebc

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
