Overview

overview

10

Static

static

8

313a743ed5...37.doc

windows7-x64

10

313a743ed5...37.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    313a743ed5558caa203fd873c22a178d6e4fed8c3ca75d40f827eeedccf31c37

  • Size

    115KB

  • Sample

    221122-l3bjlada2w

  • MD5

    7cf2a5dfb0c0777e0670aea29cb3a97b

  • SHA1

    ddbcdccf41d8386ae5183415c3ce139a6a010efb

  • SHA256

    313a743ed5558caa203fd873c22a178d6e4fed8c3ca75d40f827eeedccf31c37

  • SHA512

    e87fbf56de867d4b895db24dd7c7abb2fedfcf020ed004e636bb5bf4b5b51b8f9a2da534b7077eab822b42f939891c217ca162d4b1334bf3ded7bbc611fbb92c

  • SSDEEP

    3072:WFJ6s9d9fP4LvppgFS8tvJpIl/2016CMnryG1e:bs9grpwSQpIl7IryMe

Score
10/10
macromacro_on_action

Malware Config

Targets

    • Target

      313a743ed5558caa203fd873c22a178d6e4fed8c3ca75d40f827eeedccf31c37

    • Size

      115KB

    • MD5

      7cf2a5dfb0c0777e0670aea29cb3a97b

    • SHA1

      ddbcdccf41d8386ae5183415c3ce139a6a010efb

    • SHA256

      313a743ed5558caa203fd873c22a178d6e4fed8c3ca75d40f827eeedccf31c37

    • SHA512

      e87fbf56de867d4b895db24dd7c7abb2fedfcf020ed004e636bb5bf4b5b51b8f9a2da534b7077eab822b42f939891c217ca162d4b1334bf3ded7bbc611fbb92c

    • SSDEEP

      3072:WFJ6s9d9fP4LvppgFS8tvJpIl/2016CMnryG1e:bs9grpwSQpIl7IryMe

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks