General

  • Target

    36dd23a0e53da034ff9f27c9ac6d332005accb9fe45f6d0b6653927d58384add

  • Size

    10KB

  • Sample

    210526-ftt9qqt2mx

  • MD5

    fe6beedbcf84e45ffe1b95112913f0f7

  • SHA1

    1c2408b9888e8ad4768329b4c91f8c5a1bbfd374

  • SHA256

    36dd23a0e53da034ff9f27c9ac6d332005accb9fe45f6d0b6653927d58384add

  • SHA512

    c2269c1c728c059be85fdf681e4406db6c96fc0435fd70fb682a9dfca5ccf2961deb88f61c871791221c101a78a7f321a7c238ca05202d55c8bcff5892a816e2

Score
10/10

Malware Config

Extracted

Rule
Microsoft Office WebSettings Relationship
C2

https://cutt.ly/1nqNBU5

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Abuses OpenXML format to download file from external location

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112) 1

  • Discovery

    Query Registry (T1012) 2

    System Information Discovery (T1082) 2

Tasks