Overview

overview

10

Static

static

10

520a3206c9...b.docx

windows7_x64

7

520a3206c9...b.docx

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    520a3206c97f5738b80ca923bedd47915107713b.docx

  • Size

    10KB

  • Sample

    210531-2r1pqkvgcj

  • MD5

    a5319ab43908080f8173e54919f0898c

  • SHA1

    520a3206c97f5738b80ca923bedd47915107713b

  • SHA256

    aa5f7f84299113a12a6d23d8fe5eaa83d8543bb729af2da4afaef1080fa893a8

  • SHA512

    d385015438914e6b40996c5a6eae111524c3fabc5ce27cae306b0db5405dcaa483d6eed6114b1c3795110547fa5924f7f22b51f3ad82bf8492bbb433a30f6e32

Score
10/10
websettings

Malware Config

Extracted

Rule
Microsoft Office WebSettings Relationship
C2

https://cutt.ly/tnqANmo

Targets

    • Target

      520a3206c97f5738b80ca923bedd47915107713b.docx

    • Size

      10KB

    • MD5

      a5319ab43908080f8173e54919f0898c

    • SHA1

      520a3206c97f5738b80ca923bedd47915107713b

    • SHA256

      aa5f7f84299113a12a6d23d8fe5eaa83d8543bb729af2da4afaef1080fa893a8

    • SHA512

      d385015438914e6b40996c5a6eae111524c3fabc5ce27cae306b0db5405dcaa483d6eed6114b1c3795110547fa5924f7f22b51f3ad82bf8492bbb433a30f6e32

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Abuses OpenXML format to download file from external location

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks