General

  • Target

    PO-92806.doc

  • Size

    545KB

  • Sample

    220913-gzc6ssafar

  • MD5

    d9cef6aac1d3526d4fe0343530e5a510

  • SHA1

    5240c8ce9ffddd70303a141c7daa9c9c7a66f901

  • SHA256

    2d09d531585e0afae401ef184feb3ac79e6526f113451f33f383d75e499b5f5b

  • SHA512

    ef4a6d5f1093235ea1d359fd199723a66be9cf3f027bfaf236e2f87f3332ee5a1a25f546c71ecccd1a45bd9e240e6476eeaa6745a053368d842c7ae6d48f8119

  • SSDEEP

    6144:SwpxoQL1U6ewpflmAXw/cDzTCYAfEoXYT7Wj2aBwoXYT7Wj2aBwoXYZaI:rpyf6RhjBg0g01

Score
10/10

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
