General

  • Target

    이력서.docx

  • Size

    155KB

  • Sample

    221101-hal8vahhar

  • MD5

    7bc2d49f18d57a52696e15b4d3ea4488

  • SHA1

    0c2d75541f3bbe95d29abb66ff70507903ed7b50

  • SHA256

    fa2e61e9c269c14e8f9caed061b33a526b98fccd32e8519d887c2a183f5899d4

  • SHA512

    1860fa29936af07f2eb0dc42e2ebf1412b3f6dfae4ae75e237cc33fbb5cba2f108231f0e9c829925cfe0ef778d924f7f42d0ecfeab455dcb8e3c733492893be7

  • SSDEEP

    3072:+t0NqHlnUjeb+oBlRvDNRmc95BR/YCkXr03++0Mgnly:g0NqNmW+2RvDvJF/YCY2lx

Score
10/10

Targets

    • Target

      이력서.docx

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Abuses OpenXML format to download file from external location

    • Drops file in System32 directory
