37c164c74aeee4be30e4ef4ff500251b6d35a87085b58b82b8f1de5364d5abd7 | Triage

Submit
Reports

Overview

overview

Static

static

8

ovgroup_richiesta.doc

windows10-1703-x64

Sharing

General

Target

ovgroup_richiesta.doc
Size

173KB
Sample

220810-mcdrpshadj
MD5

b124e7dab51da1a7b7d69f14c07f3463
SHA1

2defdfa54404868bd0a19b026cd1ef7e067cc2df
SHA256

37c164c74aeee4be30e4ef4ff500251b6d35a87085b58b82b8f1de5364d5abd7
SHA512

5d4a15306f1945802be4fef214a6d0da498c6bdd7a795656215987a33904cb28c3476096846b5bec74e3580dd866d4a87069a2d5546bfd3dd7dc7c772383f616

Score

10^/10

macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

ovgroup_richiesta.doc

Resource

win10-20220414-en

windows10-1703-x64

9 signatures

120 seconds

Malware Config

Targets

- Target
  
  ovgroup_richiesta.doc
- Size
  
  173KB
- MD5
  
  b124e7dab51da1a7b7d69f14c07f3463
- SHA1
  
  2defdfa54404868bd0a19b026cd1ef7e067cc2df
- SHA256
  
  37c164c74aeee4be30e4ef4ff500251b6d35a87085b58b82b8f1de5364d5abd7
- SHA512
  
  5d4a15306f1945802be4fef214a6d0da498c6bdd7a795656215987a33904cb28c3476096846b5bec74e3580dd866d4a87069a2d5546bfd3dd7dc7c772383f616
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- An obfuscated cmd.exe command-line is typically used to evade detection.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

macromacro_on_action

behavioral1

© 2018-2024

Terms | Privacy