Overview

overview

10

Static

static

8

49303ee1dd...d7.doc

windows7_x64

10

49303ee1dd...d7.doc

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    49303ee1dd10a23c5fccd5ef4559ffbbd3e03b2adc4ec37175eb52ada1ad0bd7

  • Size

    4.7MB

  • Sample

    220521-ajxryadcbm

  • MD5

    d6bb808b52a7dd0b1897904851eddae4

  • SHA1

    b7ea8f182792e226442c79330bc7da821a84d838

  • SHA256

    49303ee1dd10a23c5fccd5ef4559ffbbd3e03b2adc4ec37175eb52ada1ad0bd7

  • SHA512

    697a152d76f08fe4a8461f319e645660f660b1c313df8d4e18b43c20366b8d538461607592a335fce0ec5f44867f11afd0c85f50b4afb859b54557f4a7d7da5b

Score
10/10
macromacro_on_action

Malware Config

Targets

    • Target

      49303ee1dd10a23c5fccd5ef4559ffbbd3e03b2adc4ec37175eb52ada1ad0bd7

    • Size

      4.7MB

    • MD5

      d6bb808b52a7dd0b1897904851eddae4

    • SHA1

      b7ea8f182792e226442c79330bc7da821a84d838

    • SHA256

      49303ee1dd10a23c5fccd5ef4559ffbbd3e03b2adc4ec37175eb52ada1ad0bd7

    • SHA512

      697a152d76f08fe4a8461f319e645660f660b1c313df8d4e18b43c20366b8d538461607592a335fce0ec5f44867f11afd0c85f50b4afb859b54557f4a7d7da5b

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks