0fef64eab9583e653f02f7fc28af21b9cc14265f8a6bbae518e2325d417994cd | Triage

Submit
Reports

Overview

overview

Static

static

1cam.doc

windows7_x64

1cam.doc

windows10_x64

1

Sharing

General

Target

1cam.doc
Size

501KB
Sample

211207-p4mvsshcem
MD5

9ca16900f5e47678fe02d5caf0fd1bda
SHA1

0e099b335bacf41555431c11530ceb46097f0ae8
SHA256

0fef64eab9583e653f02f7fc28af21b9cc14265f8a6bbae518e2325d417994cd
SHA512

ad29e961837495c9b6e8fa2439c9c0ae99565d5ec14cfc08ed754466068548bfaa619dc071cf94b78b72b56b55c781138337d454ca6b10f15e64a68b762631e5

Score

10^/10

Static task

static1

Behavioral task

behavioral1

Sample

1cam.doc

Resource

win7-en-20211104

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1cam.doc

Resource

win10-en-20211014

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://91.92.109.142/roben.png

exe.dropper

http://192.99.255.33/images/roben.png

exe.dropper

http://185.183.98.15/roben.png

exe.dropper

http://83.138.53.103/images/roben.png

exe.dropper

http://172.96.189.216/images/roben.png

Targets

- Target
  
  1cam.doc
- Size
  
  501KB
- MD5
  
  9ca16900f5e47678fe02d5caf0fd1bda
- SHA1
  
  0e099b335bacf41555431c11530ceb46097f0ae8
- SHA256
  
  0fef64eab9583e653f02f7fc28af21b9cc14265f8a6bbae518e2325d417994cd
- SHA512
  
  ad29e961837495c9b6e8fa2439c9c0ae99565d5ec14cfc08ed754466068548bfaa619dc071cf94b78b72b56b55c781138337d454ca6b10f15e64a68b762631e5
Score

10^/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy