General

  • Target

    ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d.zip

  • Size

    9KB

  • Sample

    211014-w8f2daahej

  • MD5

    c51b86d1a7fd3e455943747121e9764c

  • SHA1

    8b4d33aaf8573706e039e979ede632841162ca2e

  • SHA256

    d122e97cc5bd9cfd5e122bb0aedf1f6835d8f535020a263fbd0ebf2535c5c471

  • SHA512

    813d9e8b406ca5a7973089a08c017877da04b2704192d32c5de4b09058c090de026a46acaf3ce07c0499beb6302a541d3c07e3bf4158a572cf1b80c1b34091a1

Malware Config

Extracted

  Language: ps1

  Deobfuscated URLs:

    exe.dropper  https://cdn.discordapp.com/attachments/851105085270523917/895674622702399538/Server.txt

Targets

    • Target

      ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d.doc

    • Size

      31KB

    • MD5

      da6419e4d4e4528990898bcfdaa85e01

    • SHA1

      8fdfe23dac4252203c5b7f9ff8b4778676188ca2

    • SHA256

      ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d

    • SHA512

      2a0e6ce142058fc73fa968a705be71768b2a183610610f5715792b25a1f699df10e1eb745772deaa74322fa8f8237eb7be82d7d2657baccd602605cfcee818e0

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                        ID
  Defense Evasion    Modify Registry (1)              T1112
  Discovery          Query Registry (2)               T1012
  Discovery          System Information Discovery (2) T1082
