Resubmissions

13/08/2021, 09:28

210813-fnjyawq6ws 10

13/08/2021, 09:23

210813-swdjcyat5e 10

13/08/2021, 07:05

210813-4dy26bbdfe 10

03/08/2021, 07:47

210803-jrlp4kfgt2 10

General

  • Target

    InvoiceNo_8041766.ppt

  • Size

    82KB

  • Sample

    210813-fnjyawq6ws

  • MD5

    c27b99ba1c1e0e88a8362fd5b9193499

  • SHA1

    4aa04165daad8a8827d39067b117c2a81399f87d

  • SHA256

    c9eef29af749ee4e022d0852bfec6b85a382cb50d0dfcab2eeed1a89499fde48

  • SHA512

    8c7c17959905a83b503d5a1892a9950399ae6d1f0b4859a4b2cfaf0c0bb176cebf64d9992b93d5b32d8aca95dff13821303ad5d234109f65de4ac03fdc80a892

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
