Overview

overview

10

Static

static

8

Scanned_in...57.doc

windows7_x64

10

Scanned_in...57.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Scanned_invoice_8765456_091257.doc

  • Size

    55KB

  • Sample

    211014-mcjb7aghd5

  • MD5

    7e039d3c0e2d0df8214cedffeca95760

  • SHA1

    113611901a4ea795a3df3714349c3f206f4db0cd

  • SHA256

    7dba782e988f0c5b44443e496bc1e8b55931b652ae353ae854f55df6eabf90fb

  • SHA512

    57c85d18657cf4d6fd4b6a8d18eda6ccbd4c548e42caffc9a9b3d231f114c2e863aeeaf79dcb2dc7c2880135d55a611d51b3345ab9bfbd517f64e380015e691a

Score
10/10
macroxlm

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

https://secure01wa.2waky.com/v/App16.exe

Targets

    • Target

      Scanned_invoice_8765456_091257.doc

    • Size

      55KB

    • MD5

      7e039d3c0e2d0df8214cedffeca95760

    • SHA1

      113611901a4ea795a3df3714349c3f206f4db0cd

    • SHA256

      7dba782e988f0c5b44443e496bc1e8b55931b652ae353ae854f55df6eabf90fb

    • SHA512

      57c85d18657cf4d6fd4b6a8d18eda6ccbd4c548e42caffc9a9b3d231f114c2e863aeeaf79dcb2dc7c2880135d55a611d51b3345ab9bfbd517f64e380015e691a

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks