General

  • Target

    unsafe_EvilClippy.docm

  • Size

    17KB

  • Sample

    220926-1fwnksdbcp

  • MD5

    d2018b6e226daabe52893b2183a2fb58

  • SHA1

    f00b9d72ccff4f1a520ce130b61e0f69a3135f97

  • SHA256

    6386ba65bb8c9059070cc8438c9922c996d0b5976eca4ba6cb90356f5642e65b

  • SHA512

    0da005c560e62d608814d7a666ce644820ec31dc15e6b73d7d3fc568f196778f762839780d5ee84863e0a95f72b2c3014a9a2ca8f76885467835f84d91ef8bf2

  • SSDEEP

    384:Y6R7KtGuC5LzV5/Bg5/FAd9pStWbIjFmudxsu63c/khIWYweCoDFn6HUD/:JJCeJ7/Bk/adjSQboxsuN/gIlR6o/

Score
10/10

Malware Config

Targets

    • Target

      unsafe_EvilClippy.docm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks