Overview

overview

10

Static

static

8

adjure.010.21.21.doc

windows7_x64

10

adjure.010.21.21.doc

windows7_x64

10

adjure.010.21.21.doc

windows7_x64

10

adjure.010.21.21.doc

windows11_x64

8

adjure.010.21.21.doc

windows10_x64

10

adjure.010.21.21.doc

windows10_x64

10

adjure.010.21.21.doc

windows10_x64

10

Resubmissions

23-10-2021 12:33

211023-prhqbadcdj 10

23-10-2021 10:17

211023-mbpsksdcak 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    adjure.010.21.21.doc.zip

  • Size

    31KB

  • Sample

    211023-prhqbadcdj

  • MD5

    8581d265c626a3538514dbf10a6bc6d7

  • SHA1

    90cd7e706555889dbb8d35e6b05e04da9dff0a6b

  • SHA256

    2454da4ca1e4c62872531ef48d0f2cb17700fa6633bcf2b3e5a7f0b0cb1a1292

  • SHA512

    f38ad9d17f43d0a4b33232c38be8504b5ea5d44b94e17d6e3b3d5180b573e9154b3ed33c9227a54b9ce286d7cf122394907aa5fa3e8c0f43dacc130cdbc7206e

Score
10/10
evasionmacropersistencetrojan

Malware Config

Targets

    • Target

      adjure.010.21.21.doc

    • Size

      34KB

    • MD5

      4f2dda35a63d6c4d724019d36195a4f9

    • SHA1

      83222019ce517eaa50641763b755f449023b756e

    • SHA256

      7d8378bb87f881c44968a65568fb5165de3ae90afe59a67ef25c5f6af694787d

    • SHA512

      fc01d362ef1b5825cf78aca1c276a1b3e5246ee4464233c78462afabe72b68c299d73b3c5a2363fa6ae08e26265573e63eb0d5f4ff874f086faf40988b9ca2a7

    Score
    10/10
    persistenceevasiontrojan

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Registers COM server for autorun

      persistence

    • Blocklisted process makes network request

    • Sets service image path in registry

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    behavioral1behavioral2behavioral3behavioral4behavioral5behavioral6behavioral7

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks