Overview

overview

10

Static

static

8

1f2ed0a44b...7.docm

windows7-x64

4

1f2ed0a44b...7.docm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1f2ed0a44bfe66ef53582a3cc55e4417

  • Size

    207KB

  • Sample

    221122-1chbsadc2v

  • MD5

    1f2ed0a44bfe66ef53582a3cc55e4417

  • SHA1

    8ce71a8bd2933924fd840777711a34154e4c040d

  • SHA256

    107303e82acc31cdd39920feb402e51744237c92a4a6620dbb5c3f36cb1c274f

  • SHA512

    cbc8e5971306f890a193bac344f8a7adb504b1b2d5e5ea2aad5aad3b9ade29e253b60ffd7b207b6b785869744b7b894bd2c0c94c758912bece09a6d455c70749

  • SSDEEP

    6144:uTxHzHVzJky3eEGVdajJ66tAhUJOO3NZ7xsego:uRbrkyuEGfMuhU7rN5

Score
10/10
macropersistence

Malware Config

Targets

    • Target

      1f2ed0a44bfe66ef53582a3cc55e4417

    • Size

      207KB

    • MD5

      1f2ed0a44bfe66ef53582a3cc55e4417

    • SHA1

      8ce71a8bd2933924fd840777711a34154e4c040d

    • SHA256

      107303e82acc31cdd39920feb402e51744237c92a4a6620dbb5c3f36cb1c274f

    • SHA512

      cbc8e5971306f890a193bac344f8a7adb504b1b2d5e5ea2aad5aad3b9ade29e253b60ffd7b207b6b785869744b7b894bd2c0c94c758912bece09a6d455c70749

    • SSDEEP

      6144:uTxHzHVzJky3eEGVdajJ66tAhUJOO3NZ7xsego:uRbrkyuEGfMuhU7rN5

    Score
    10/10
    persistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks