Overview

overview

10

Static

static

8

documents....0.docm

windows7-x64

10

documents....0.docm

windows10-2004-x64

10

Resubmissions

26-09-2022 02:37

220926-c4gbssabhj 10

11-08-2020 13:15

200811-h3l11zynne 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    documents.08.010.2020.doc

  • Size

    103KB

  • Sample

    220926-c4gbssabhj

  • MD5

    8048d47ea9f0413ab0eab7af519d7484

  • SHA1

    0798338a1b3343ff9455f4c46704fa6e40bf17c0

  • SHA256

    13bbdfee503648ce33da31f677f27e783c443f23a8a62a7b7b3ffbd28542a0b4

  • SHA512

    8b346b77e7a19f4caba92b0957bf0f12abacdd2ba194927b9ec9b0300b27ba6bbbc3c5629b59f303e4d6e67b0740c4904c0d6609cf9d50fb9fd18255b0cc39ef

  • SSDEEP

    3072:Wcl38UZUKUq3x3CXZWLd4xPiGosHZCZkBiLX:d38UZUKUgQWh0PVosHykMT

Score
10/10
macro

Malware Config

Targets

    • Target

      documents.08.010.2020.doc

    • Size

      103KB

    • MD5

      8048d47ea9f0413ab0eab7af519d7484

    • SHA1

      0798338a1b3343ff9455f4c46704fa6e40bf17c0

    • SHA256

      13bbdfee503648ce33da31f677f27e783c443f23a8a62a7b7b3ffbd28542a0b4

    • SHA512

      8b346b77e7a19f4caba92b0957bf0f12abacdd2ba194927b9ec9b0300b27ba6bbbc3c5629b59f303e4d6e67b0740c4904c0d6609cf9d50fb9fd18255b0cc39ef

    • SSDEEP

      3072:Wcl38UZUKUq3x3CXZWLd4xPiGosHZCZkBiLX:d38UZUKUgQWh0PVosHykMT

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks