Overview

overview

10

Static

static

8

6655026d70...a4.doc

windows7_x64

10

6655026d70...a4.doc

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6655026d703e9efb9805807cb20b7d8284ff91979f5b746c32a965ca1a268ca4

  • Size

    1000KB

  • Sample

    220521-m6sgysgcck

  • MD5

    603bebc04d98f9a62b4201c6d46f9ba6

  • SHA1

    345fb60733a9cb98d9ec051ec3d33abf721477fc

  • SHA256

    6655026d703e9efb9805807cb20b7d8284ff91979f5b746c32a965ca1a268ca4

  • SHA512

    917699e9f97a13a18c7a531a1b136816ae95f647d7e41fa6b56f81ac8ff63e6de877c5672977fcbd5d2705e4a17f317c105c0d3a3d7d7b5aaff64930e6ef6aa2

Score
10/10
macro

Malware Config

Targets

    • Target

      6655026d703e9efb9805807cb20b7d8284ff91979f5b746c32a965ca1a268ca4

    • Size

      1000KB

    • MD5

      603bebc04d98f9a62b4201c6d46f9ba6

    • SHA1

      345fb60733a9cb98d9ec051ec3d33abf721477fc

    • SHA256

      6655026d703e9efb9805807cb20b7d8284ff91979f5b746c32a965ca1a268ca4

    • SHA512

      917699e9f97a13a18c7a531a1b136816ae95f647d7e41fa6b56f81ac8ff63e6de877c5672977fcbd5d2705e4a17f317c105c0d3a3d7d7b5aaff64930e6ef6aa2

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks