General

  • Target

    sample.doc

  • Size

    97KB

  • Sample

    210721-kvmxln291a

  • MD5

    356a5c57245204778e4987ca33558603

  • SHA1

    295160cddc9a18dc0809c547908e19e4272e01f3

  • SHA256

    105d9496d4f80ae5ef3c7642f55117b65a10398afe5ff9c30d706fa9873cfd6a

  • SHA512

    27b256f8c7c8eeed8b0bca491e92c75541b53c594e5f1e6f63d923eda9748939ae7aedac3e2be592801a36c6ff56fabb6cdd847116f97fff76422092a15d8670

Score
10/10

Targets

    • Target

      sample.doc

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
