d04079c569863276bf4a135096b68fbafc6bb2679ac10b41b4af40f30d6fbb12 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

d04079c569...2.docm

windows7-x64

8

d04079c569...2.docm

windows10-2004-x64

1

Sharing

General

Target

d04079c569863276bf4a135096b68fbafc6bb2679ac10b41b4af40f30d6fbb12
Size

113KB
Sample

221126-kgxn9seh89
MD5

5d8928dc78c56a0409076ed13d22b451
SHA1

b5bf3ddcf2cec0e245fc46543ff466e3a5928e5a
SHA256

d04079c569863276bf4a135096b68fbafc6bb2679ac10b41b4af40f30d6fbb12
SHA512

163aa5229215c3eca955b8f6fa1a6aa8350349d1214ff2d7e530db94b69ba3ea6953f04629d0420664f4b882e1713e76e2edbdad5c75e4bc4654afd617374ed6
SSDEEP

3072:6xoHcq4x+WSfxLkDuNqZcuepmjWKFzS2T:6W8q4x+WSpLkDUqOpQWkzPT

Score

8^/10

macro persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d04079c569863276bf4a135096b68fbafc6bb2679ac10b41b4af40f30d6fbb12.docm

Resource

win7-20220812-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

d04079c569863276bf4a135096b68fbafc6bb2679ac10b41b4af40f30d6fbb12.docm

Resource

win10v2004-20220812-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  d04079c569863276bf4a135096b68fbafc6bb2679ac10b41b4af40f30d6fbb12
- Size
  
  113KB
- MD5
  
  5d8928dc78c56a0409076ed13d22b451
- SHA1
  
  b5bf3ddcf2cec0e245fc46543ff466e3a5928e5a
- SHA256
  
  d04079c569863276bf4a135096b68fbafc6bb2679ac10b41b4af40f30d6fbb12
- SHA512
  
  163aa5229215c3eca955b8f6fa1a6aa8350349d1214ff2d7e530db94b69ba3ea6953f04629d0420664f4b882e1713e76e2edbdad5c75e4bc4654afd617374ed6
- SSDEEP
  
  3072:6xoHcq4x+WSfxLkDuNqZcuepmjWKFzS2T:6W8q4x+WSpLkDUqOpQWkzPT
Score

8^/10

persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy