Overview

overview

10

Static

static

8

charge.010.21.doc

windows7_x64

10

charge.010.21.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    charge.010.21.doc

  • Size

    34KB

  • Sample

    211022-thf8cacgbl

  • MD5

    e5c25d10cf9eb0bb6c9206dbaecee852

  • SHA1

    b18fdfec1d858a6aa8974ea3f77d8b57aeb52ac7

  • SHA256

    f1898ce555b64817c3480fd2b638280c7c10fb11e6a7fd3ef77215e7fe240022

  • SHA512

    a3b735edabb857a4cc286c338a83765d00fc8a591e07216f9b7e1119fa3ecd0a834a04e8222a036be86ee3fcb48141a6520e553789ff58a991565d12ab172aa0

Score
10/10
macro

Malware Config

Targets

    • Target

      charge.010.21.doc

    • Size

      34KB

    • MD5

      e5c25d10cf9eb0bb6c9206dbaecee852

    • SHA1

      b18fdfec1d858a6aa8974ea3f77d8b57aeb52ac7

    • SHA256

      f1898ce555b64817c3480fd2b638280c7c10fb11e6a7fd3ef77215e7fe240022

    • SHA512

      a3b735edabb857a4cc286c338a83765d00fc8a591e07216f9b7e1119fa3ecd0a834a04e8222a036be86ee3fcb48141a6520e553789ff58a991565d12ab172aa0

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks