General

  • Target

    tell-07.22.2021.doc

  • Size

    68KB

  • Sample

    210722-f435b4f1ws

  • MD5

    50b3f639d32da6089829f267d44ef33c

  • SHA1

    f5dd35011d0c34f232f74d2422d3aa6323f74cc8

  • SHA256

    7ee027d76a4ada5d782ca4823b861a841c57058a8ff3dc80322a12a7854b8127

  • SHA512

    c976e567d46f681fca1d6c5cafac53e22bb052290c20df6700e44900811210cc20992841eaeca9734e20b71bb022e8fca552d08b406a6b3f272195211213f5c4

Score
10/10

Malware Config

Targets

    • Target

      tell-07.22.2021.doc

    • Size

      68KB


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      A process was created with a parent other than the calling process (parent PID spoofing). This hides the real process lineage from tooling that keys on parent/child relationships.

    • Blocklisted process makes network request

      A process that is not expected to initiate network traffic on its own (the sandbox keeps a blocklist of such executables) made an outbound request.

    • Downloads MZ/PE file

      A Windows executable (DOS "MZ" header followed by a PE signature) was retrieved over the network during the run.

    • Loads dropped DLL

      A DLL written to disk during the run was subsequently loaded by a process.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used to redirect a thread of a freshly created (usually suspended) process into injected code, as in process hollowing and other thread-hijacking injection techniques.
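
    Detection logic for three of the behaviours in the signature list above (an Office parent spawning an unexpected child, a blocklisted process making a network request, and a dropped file that is a Windows PE image), run over a handful of constructed process-creation, network-connection and file-creation events. This is an added example for this report, not code from the sandbox vendor or from the sample; the event fields mimic Sysmon Event ID 1, 3 and 11, and every process name, path, address and blocklist entry is an assumption.

```python
"""
Detection logic for three behaviours from the sandbox signature list:
an Office parent spawning an unexpected child, a blocklisted process
making a network request, and a dropped file that is a PE executable.

Added example; not code from the sandbox vendor or from the sample.
The event records are constructed to mimic Sysmon Event ID 1 (ProcessCreate),
3 (NetworkConnect) and 11 (FileCreate) fields. Every process name, path,
address and blocklist entry below is an assumption.
"""

# Office hosts that should not be launching shells, script hosts or LOLBins (assumed list).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Children commonly observed right after a malicious macro runs (assumed list).
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# Processes that have no business initiating network connections on their own (assumed list).
NETWORK_BLOCKLIST = OFFICE_PARENTS | {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe"}


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_pe(data: bytes) -> bool:
    """True when the blob has a DOS 'MZ' header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def analyse(events):
    """Return a list of (rule, ...) tuples, one per event that matches a rule."""
    findings = []
    for ev in events:
        if ev["event"] == "ProcessCreate":
            parent, child = basename(ev["ParentImage"]), basename(ev["Image"])
            if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
                findings.append(("unexpected_child", parent, child, ev["CommandLine"]))
        elif ev["event"] == "NetworkConnect":
            image = basename(ev["Image"])
            if image in NETWORK_BLOCKLIST:
                findings.append(("blocklisted_network", image, ev["DestinationIp"], ev["DestinationPort"]))
        elif ev["event"] == "FileCreate":
            if is_pe(ev["Content"]):
                findings.append(("dropped_pe", basename(ev["Image"]), ev["TargetFilename"]))
    return findings


# Constructed minimal PE image: 'MZ' header, e_lfanew = 0x40, 'PE\0\0' at offset 0x40.
SAMPLE_PE = b"MZ" + b"\x00" * 58 + (0x40).to_bytes(4, "little") + b"PE\x00\x00" + b"\x00" * 20

# Constructed Sysmon-like events; the first and last are benign controls.
SAMPLE_EVENTS = [
    {"event": "ProcessCreate", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'"WINWORD.EXE" /n "C:\Users\user\Downloads\tell-07.22.2021.doc"'},
    {"event": "ProcessCreate",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "C:\Users\Public\run.bat"'},
    {"event": "NetworkConnect", "Image": r"C:\Windows\System32\rundll32.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 80},
    {"event": "FileCreate",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "TargetFilename": r"C:\Users\Public\payload.dll", "Content": SAMPLE_PE},
    {"event": "FileCreate", "Image": r"C:\Windows\System32\cmd.exe",
     "TargetFilename": r"C:\Users\Public\run.bat", "Content": b"@echo off\r\n"},
]

if __name__ == "__main__":
    for finding in analyse(SAMPLE_EVENTS):
        print(finding)
```

    The remaining two signatures (NtCreateUserProcessOtherParentProcess and SetThreadContext) are API-level behaviours that do not appear in these log fields; catching them needs ETW or EDR telemetry. Parent PID spoofing in particular shows up as a process whose logged parent never itself called a process-creation API, which is why the rule above keys on the parent image rather than trusting it blindly.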

MITRE ATT&CK Enterprise v6

Tasks