General

  • Target

    f9e93efc4b1327a0d22b6666af3f3b2e0c91c460c2c75c6a76380779cfebd972.doc

  • Size

    69KB

  • Sample

    211013-2pel4afben

  • MD5

    6b4e49172557753be4a506d1647d45d8

  • SHA1

    63da363f5ab6eae78b9305a0b077250226860bca

  • SHA256

    f9e93efc4b1327a0d22b6666af3f3b2e0c91c460c2c75c6a76380779cfebd972

  • SHA512

    247fad1b2e3f09b13100796b98547c4bac457b05f5ea84ab66be0c3c8a1104c2dfb1263ea31b9e64b342cabf6be9a3d19604bc3e6c84086b9cc2048bf03768d2

Score
10/10

Malware Config

Targets

    • Target

      f9e93efc4b1327a0d22b6666af3f3b2e0c91c460c2c75c6a76380779cfebd972.doc

    • Size

      69KB

    • MD5

      6b4e49172557753be4a506d1647d45d8

    • SHA1

      63da363f5ab6eae78b9305a0b077250226860bca

    • SHA256

      f9e93efc4b1327a0d22b6666af3f3b2e0c91c460c2c75c6a76380779cfebd972

    • SHA512

      247fad1b2e3f09b13100796b98547c4bac457b05f5ea84ab66be0c3c8a1104c2dfb1263ea31b9e64b342cabf6be9a3d19604bc3e6c84086b9cc2048bf03768d2

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Tasks