General

  • Target

    7af28b6af51c21236e8dae283be35d078a9b412b918a5595bfaa4722231e1af3

  • Size

    287KB

  • Sample

    220731-kwyj4shae5

  • MD5

    3f80214290751d891dddf50abe200ad8

  • SHA1

    0de99d5d3bce055876174ba6fac4df24f1320375

  • SHA256

    7af28b6af51c21236e8dae283be35d078a9b412b918a5595bfaa4722231e1af3

  • SHA512

    81dae2eb33499d1360226e657c421745f7ed92ce99a16bcf9cd6fcd57389464429e4eaacc70132f09ed30ed3dc586cc903cd8896563688f15a9545143d221b2f

Targets

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • TA505

      Cybercrime group active since 2015, responsible for families like Dridex and Locky.

    • Loads dropped DLL

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
