Overview

overview

10

Static

static

8

dictate 010.21.doc

windows7_x64

10

dictate 010.21.doc

windows10_x64

10

Resubmissions

22-10-2021 16:01

211022-tf86cacgbk 10

20-10-2021 20:51

211020-zncp1aheh9 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dictate 010.21.doc

  • Size

    34KB

  • Sample

    211020-zncp1aheh9

  • MD5

    3128a1aa061355d275cd323336148c4a

  • SHA1

    63b5fba4691c68f0c268fd65b6dda64150b4facc

  • SHA256

    1cdae1a82f4320ba429c8aa6cb7b9236bae8edcf5fe67b79242aa0dcce157060

  • SHA512

    04d1e8e2b360a87f2e37a1d036cd415c4078546577cdc02528e1f32c64df917b86bb95a011e8b36eed30d3c18bf1633db458feb5140c28e076c2b170f621559a

Score
10/10
macro

Malware Config

Targets

    • Target

      dictate 010.21.doc

    • Size

      34KB

    • MD5

      3128a1aa061355d275cd323336148c4a

    • SHA1

      63b5fba4691c68f0c268fd65b6dda64150b4facc

    • SHA256

      1cdae1a82f4320ba429c8aa6cb7b9236bae8edcf5fe67b79242aa0dcce157060

    • SHA512

      04d1e8e2b360a87f2e37a1d036cd415c4078546577cdc02528e1f32c64df917b86bb95a011e8b36eed30d3c18bf1633db458feb5140c28e076c2b170f621559a

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks