f4965c1fcd7e5104b08e9aca3cc989f1a487f64ee791f013ef105f981d67e90d | Triage

Submit
Reports

Overview

overview

Static

static

8

Invoice- 8...ce.doc

windows7_x64

Invoice- 8...ce.doc

windows10_x64

Sharing

General

Target

Invoice- 8765432345678 Oil_Field_Swift_remmitance.doc
Size

56KB
Sample

211021-w7z3vsbefk
MD5

14124094350a4280daa20a5328ec2954
SHA1

323f142b39d5a541d9ef68f98df26a28032ca12a
SHA256

f4965c1fcd7e5104b08e9aca3cc989f1a487f64ee791f013ef105f981d67e90d
SHA512

4cc0e648fbc349ea80fec1b55e047b388bd37e28c9a291f3b5a5f7b472be99c5c09afe12afaef9dc8776a802f42695998bc461523f77be922514972f421985ee

Score

10^/10

macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

Invoice- 8765432345678 Oil_Field_Swift_remmitance.doc

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Invoice- 8765432345678 Oil_Field_Swift_remmitance.doc

Resource

win10-en-20211014

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://sec6ur1.x24hr.com/g/soleApp1.exe

Targets

- Target
  
  Invoice- 8765432345678 Oil_Field_Swift_remmitance.doc
- Size
  
  56KB
- MD5
  
  14124094350a4280daa20a5328ec2954
- SHA1
  
  323f142b39d5a541d9ef68f98df26a28032ca12a
- SHA256
  
  f4965c1fcd7e5104b08e9aca3cc989f1a487f64ee791f013ef105f981d67e90d
- SHA512
  
  4cc0e648fbc349ea80fec1b55e047b388bd37e28c9a291f3b5a5f7b472be99c5c09afe12afaef9dc8776a802f42695998bc461523f77be922514972f421985ee
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy