1bdf734cf13f9b65bc52c65155f861a70b1d9defad887afc3d45de92a1cabf7f | Triage

Submit
Reports

Overview

overview

Static

static

8

certificat...21.doc

windows10_x64

Sharing

General

Target

certificate.010.21.doc
Size

76KB
Sample

211018-qvv1gsdfc3
MD5

756882396afaec2d9922977960f68bf5
SHA1

3164c3c6adedab2f6d3e3453ab863c3c0b7828f7
SHA256

1bdf734cf13f9b65bc52c65155f861a70b1d9defad887afc3d45de92a1cabf7f
SHA512

a0498fc8055f0779430a51d30b39faf12ad62886b88a34c9dc9d3926ff8e26ebf76e585775a30833b19360062db4383876e001eec09a17f23a25ceabc21bb785

Score

10^/10

evasion macro macro_on_action persistence trojan xlm

Static task

static1

macro xlm macro_on_action

Behavioral task

behavioral1

Sample

certificate.010.21.doc

Resource

win10-ja-20211014

evasion persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  certificate.010.21.doc
- Size
  
  76KB
- MD5
  
  756882396afaec2d9922977960f68bf5
- SHA1
  
  3164c3c6adedab2f6d3e3453ab863c3c0b7828f7
- SHA256
  
  1bdf734cf13f9b65bc52c65155f861a70b1d9defad887afc3d45de92a1cabf7f
- SHA512
  
  a0498fc8055f0779430a51d30b39faf12ad62886b88a34c9dc9d3926ff8e26ebf76e585775a30833b19360062db4383876e001eec09a17f23a25ceabc21bb785
Score

10^/10

evasion persistence trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Registers COM server for autorun
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

macroxlmmacro_on_action

behavioral1

evasionpersistencetrojan

© 2018-2024

Terms | Privacy