General

  • Target

    Info.zip

  • Size

    41KB

  • Sample

    211021-tx1wasaed8

  • MD5

    9d38ac7916ffba018474e4fdde8d5526

  • SHA1

    98c1b49605039767d2908c72e675b58962c96009

  • SHA256

    2b29a2f6baf7a5c9ff7d0e5a4cbb1cbf9fd80cc7947028c1aabeaed29011c166

  • SHA512

    afcef491f99a6a48d90b4cbccb42126157d92f92de4519fa2f156d77b0113a360da135bf9fd7dc267c58d09891ece09f8f5e596d0c631ffb83e17111bc05f954

Score
10/10

Malware Config

Targets

    • Target

      charge-010.21.doc

    • Size

      34KB

    • MD5

      3f847a7204b0107e94fcda507f575cfa

    • SHA1

      7d39320163c563bee86e6622538b7c40b9df9f23

    • SHA256

      28d581bc4ae6d95ebe47fefd6d50e8373b2a4e77fcb7dd625b0a0d1597815a01

    • SHA512

      7d304ba343c970419b4ef2f33e825b4d9c53da2de5a2acd2e8fe97051858224ce6e3e16a92018405190a2a3a41f40380fcc369838a13373fd77d298e5d0fbc8a

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry, T1112 (1)

Discovery

  • System Information Discovery, T1082 (3)

  • Query Registry, T1012 (2)

Tasks