Overview

overview

10

Static

static

8

3b9c6e35c9...9.docm

windows7_x64

10

3b9c6e35c9...9.docm

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3b9c6e35c90a3ef5f90cbecd6ad257d4d296832b00ef7dff00ecfabae4206559

  • Size

    630KB

  • Sample

    220525-ab54cagcfq

  • MD5

    5bed84434cf10693e9928c949dc990ee

  • SHA1

    2247d45b53195863c4361f81e4b7facfedb9f33b

  • SHA256

    3b9c6e35c90a3ef5f90cbecd6ad257d4d296832b00ef7dff00ecfabae4206559

  • SHA512

    a1dc22e6dad75603d096db8834012fb7b952126e908206650b261dd461cd098bd79b171d8374a80e89f53796b382a96f2f86b765fdabaa2b40f3283fd2e8b574

Score
10/10
macrophishing

Malware Config

Targets

    • Target

      3b9c6e35c90a3ef5f90cbecd6ad257d4d296832b00ef7dff00ecfabae4206559

    • Size

      630KB

    • MD5

      5bed84434cf10693e9928c949dc990ee

    • SHA1

      2247d45b53195863c4361f81e4b7facfedb9f33b

    • SHA256

      3b9c6e35c90a3ef5f90cbecd6ad257d4d296832b00ef7dff00ecfabae4206559

    • SHA512

      a1dc22e6dad75603d096db8834012fb7b952126e908206650b261dd461cd098bd79b171d8374a80e89f53796b382a96f2f86b765fdabaa2b40f3283fd2e8b574

    Score
    10/10
    phishing

    • Detected phishing page

      phishing

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks