3e6006e1b85b9fb7d1b528384110698d285a16c1a05195484a5ff7b961fb2c5f | Triage

Submit
Reports

Overview

overview

Static

static

8

3e6006e1b8...5f.doc

windows7-x64

3e6006e1b8...5f.doc

windows10-2004-x64

1

Sharing

General

Target

3e6006e1b85b9fb7d1b528384110698d285a16c1a05195484a5ff7b961fb2c5f
Size

91KB
Sample

221126-226w4sfc3x
MD5

65f147a8e8ec2928894a742f644fa584
SHA1

4206466e8f86280ec99dc7f29200052a5673aad9
SHA256

3e6006e1b85b9fb7d1b528384110698d285a16c1a05195484a5ff7b961fb2c5f
SHA512

5d3ba6ff14a5e0974f07dd2274f126d20187a0ffd79bbde7566567244fc58a17c7f31c49b1b8e48b4752abf5a90ba4698e9244356fce5b12cd7c5751b65a7599
SSDEEP

1536:rEf4D35BO2G7XIhpMIubBVK/SkqH0gmqa:IwDnijIhSNza

Score

10^/10

evasion macro macro_on_action persistence trojan

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

3e6006e1b85b9fb7d1b528384110698d285a16c1a05195484a5ff7b961fb2c5f.doc

Resource

win7-20221111-en

evasion persistence trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

3e6006e1b85b9fb7d1b528384110698d285a16c1a05195484a5ff7b961fb2c5f.doc

Resource

win10v2004-20221111-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  3e6006e1b85b9fb7d1b528384110698d285a16c1a05195484a5ff7b961fb2c5f
- Size
  
  91KB
- MD5
  
  65f147a8e8ec2928894a742f644fa584
- SHA1
  
  4206466e8f86280ec99dc7f29200052a5673aad9
- SHA256
  
  3e6006e1b85b9fb7d1b528384110698d285a16c1a05195484a5ff7b961fb2c5f
- SHA512
  
  5d3ba6ff14a5e0974f07dd2274f126d20187a0ffd79bbde7566567244fc58a17c7f31c49b1b8e48b4752abf5a90ba4698e9244356fce5b12cd7c5751b65a7599
- SSDEEP
  
  1536:rEf4D35BO2G7XIhpMIubBVK/SkqH0gmqa:IwDnijIhSNza
Score

10^/10

evasion persistence trojan
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Hidden Files and Directories

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

macromacro_on_action

behavioral1

evasionpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy