General

  • Target

    5665737750118400.zip

  • Size

    16KB

  • Sample

    210712-8ggcbcpdsn

  • MD5

    112aee001150045c32d0e950b62ef331

  • SHA1

    aa761738f6bc9dfd8b1bf0e4f1b6be3453ffdd1d

  • SHA256

    f5065485157cf505b1acd85cbc43c0db92051469a648f0cf348c1089bfa0552a

  • SHA512

    ee47d57603d1da755b3a2120178994ca83dd8048c70add9207d2962605211b898c11ca59db663cb3dbfa4165e03a68f9a5997a77e80e38d8c5678408afe8b373

Malware Config

Targets

    • Target

      3082be3608e6b47c26e25b16d0d0f97d1e98f90aaf3244458a0bf70ea864aeec

    • Size

      79KB

    • MD5

      a35c3e785e5f39ce7ab347dadfffa915

    • SHA1

      15e0beee9611b337b68bfd573941410d70562172

    • SHA256

      3082be3608e6b47c26e25b16d0d0f97d1e98f90aaf3244458a0bf70ea864aeec

    • SHA512

      eb513a731595fc14f24144bec0c32c606bc552d69f0b9e211bb8a9243abc82ace2e30707186ea62a67a7925dadcda48aba8f809421ba1c4f60a84d95fdd5a702

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 2

  • Install Root Certificate (T1130): 1

Discovery

  • System Information Discovery (T1082): 3

  • Query Registry (T1012): 2
