order_07.21.doc

General

Target: order_07.21.doc
Size: 87KB
Sample: 210722-7eytmvrhpa
Score: 10/10
MD5: 401b19c454075d52bd832725f3c22cfe
SHA1: 088f76c184a0cba673abc41bd5582e4e21672fdd
SHA256: 6b94e6319e46f52058d5f0c1bc07d7e367152e3bb769f2fd1af097914fe64ce3
SHA512: b83ddf0a5dc6174591e0c07a1b87f5ffb5a1efa731913707829195415bed70a5dff43d9669e948e509fd3e77d15986391e1e01b9344c2694dd1b0fba5b87f894

Malware Config
Targets
Target: order_07.21.doc

Signatures

  • Process spawned unexpected child process

    Description

    This typically indicates the parent process was compromised via an exploit or macro.

  • Suspicious use of NtCreateProcessExOtherParentProcess

MITRE ATT&CK Matrix
Collection | Command and Control | Credential Access | Defense Evasion | Execution | Exfiltration | Impact | Initial Access | Lateral Movement | Persistence | Privilege Escalation

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10