General

  • Target

    cb8dc855f31f105eb085d73b464a8cb1d219d9545a3fce8b7c30e7d2a1491d97.zip

  • Size

    68KB

  • Sample

    220914-hlkjdshdh6

  • MD5

    b25866ff3a6cb94db99423d052d6f338

  • SHA1

    962f08b7b23ae5906d347f8759618642fd014ac6

  • SHA256

    445b72f422e2f388f78e2ae55160a0e6270f73d3113f48d9421e4861d9c0507b

  • SHA512

    7624ab64bc9ea4e6a15dd17442077537f7dd059fa5fe834406e630b2095231b1776e25678f2aa68538864cbe6d514f5808be35ee3cc8fefdac0abf583fbd41f4

  • SSDEEP

    1536:r8pQzz72LdOcM7usiOJ/zA7Wk7h2vaZnBz5mcbulp76Vv:r8pQ/72Ldausi+qWqDBzMf8v

Score
10/10

Malware Config

Targets

    • Target

      cb8dc855f31f105eb085d73b464a8cb1d219d9545a3fce8b7c30e7d2a1491d97

    • Size

      140KB

    • MD5

      f7b8a648e9fbafb47814eca14a3fe92d

    • SHA1

      0d560bb49df2b3c2212b5acf2dc82963160474d2

    • SHA256

      cb8dc855f31f105eb085d73b464a8cb1d219d9545a3fce8b7c30e7d2a1491d97

    • SHA512

      51b8fa596f99d4ac50827d53a3aaa32929132d1e56adb35fce9adb4406ac247520851da0f596da6d0cc15b2d12079a80edb33db0efe9c21487d6a9f63e14d602

    • SSDEEP

      3072:nLOTckkkkkkkkklRJIHQEaWLPzEzDUoAFWXL9k2mxulmSpH:qwkkkkkkkkk5IHQEa0Ro93mxulmSl

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks