Overview

overview

10

Static

static

8

0fe745b26e...eb.doc

windows7_x64

10

0fe745b26e...eb.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0fe745b26efe3c4d82389d10c43e5755a30e1a794d920a807915313f049048eb

  • Size

    98KB

  • Sample

    220128-2bgjjafahp

  • MD5

    477e6a9efebdbf54f09d06ef8a29da79

  • SHA1

    bc219e56929889acdf80cf692cd6b0d7a43b8207

  • SHA256

    0fe745b26efe3c4d82389d10c43e5755a30e1a794d920a807915313f049048eb

  • SHA512

    e209d8fa97c11208bd570035ba90469f9dce9ef1a6916f97ec5932aa836313ef838fb9ab65c87abde7dcc34948354a951a2a3937aa4f13945e24b6081ba7d6c2

Score
10/10
macro

Malware Config

Targets

    • Target

      0fe745b26efe3c4d82389d10c43e5755a30e1a794d920a807915313f049048eb

    • Size

      98KB

    • MD5

      477e6a9efebdbf54f09d06ef8a29da79

    • SHA1

      bc219e56929889acdf80cf692cd6b0d7a43b8207

    • SHA256

      0fe745b26efe3c4d82389d10c43e5755a30e1a794d920a807915313f049048eb

    • SHA512

      e209d8fa97c11208bd570035ba90469f9dce9ef1a6916f97ec5932aa836313ef838fb9ab65c87abde7dcc34948354a951a2a3937aa4f13945e24b6081ba7d6c2

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Use of msiexec (install) with remote resource

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks