Overview

overview

10

Static

static

8

84d523833d...29.doc

windows7_x64

10

84d523833d...29.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4938982065602560.zip

  • Size

    18KB

  • Sample

    211023-s1aylsdcek

  • MD5

    11bafd435b28874b9fb5d1830634f5f2

  • SHA1

    991fece1a9c0462aa840fb76e8e25138278ed2f5

  • SHA256

    69720bf311bdd57ea585fc4711390604adbdc0dca6e6e82db3ef6967f4d7aa33

  • SHA512

    8bea604df70f67f2f1ed3ea50765ab48797126feb805838e15ae6bfcf577b20b4ac27e86c57770038f8e3c0b61e8908a85e932a465ddb15fe543c9c87cc48527

Score
10/10
macromacro_on_actionpersistencexlm

Malware Config

Targets

    • Target

      84d523833db6cc74a079b12312da775d4281bf1034b2af0203c9d14c098e6f29

    • Size

      51KB

    • MD5

      5c0db4b48129acc977e26de7daed6b49

    • SHA1

      2021c163c7fcae8f4941ea50247ae3fa3eb1dde9

    • SHA256

      84d523833db6cc74a079b12312da775d4281bf1034b2af0203c9d14c098e6f29

    • SHA512

      a543e2a02a913c0e725a10dcb72c5ed33365dc02f8949660c5832764b0364600cfcf54caf41888e52461670fdaa53b005d876c9fc0b5875ed6ff4591b28be5f9

    Score
    10/10
    persistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks