General

  • Target

    25aa7d7bd388d56e4c9100db78d3c45f7cd044c3250a042529b5add584e63f08

  • Size

    92KB

  • Sample

    220520-2j8b8afea4

  • MD5

    75400d47d7e8dcf4f3fef505a4ed9ed2

  • SHA1

    a4e6d4bd058fc5bd6d5d7641328a728f72e13fe2

  • SHA256

    25aa7d7bd388d56e4c9100db78d3c45f7cd044c3250a042529b5add584e63f08

  • SHA512

    e79ade66409e0629f7184c450f8b541d30d839b03766d95e633491c05c341fa7623e9cd112bb1ac312975af6d0c3eb509dd02bbb26d26c9b5cd04a6af958b5a9

Score
10/10

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 3

    System Information Discovery (T1082): 4