670011a08ddcde9d1892593a968f87e9e8800248f6bb9b8967b05ec4c34b64d0 | Triage

Submit
Reports

Overview

overview

Static

static

8

670011a08d...0.docm

windows7-x64

670011a08d...0.docm

windows10-2004-x64

Sharing

General

Target

670011a08ddcde9d1892593a968f87e9e8800248f6bb9b8967b05ec4c34b64d0
Size

21KB
Sample

221128-d6jelsca48
MD5

720f6555332b5fee6755debc506c6dd5
SHA1

4a2d406e5aff77159ee39067383302420231b045
SHA256

670011a08ddcde9d1892593a968f87e9e8800248f6bb9b8967b05ec4c34b64d0
SHA512

295238351c882e129ceaac7d8d248a40d24b2d085cc78817d3334f03b3bfc24fc2123bddfd393500ece4600ede743eb3b31f5d789a5153e577668658e8abfacc
SSDEEP

384:/imtZAqRZiSte7ZwedKS6w19Q/CEmkfsJyJ7sSMk+dRYHWfVMzPYkEx:/LZAqRZ7t2Zweww19Q6nSMk+Y2fVGP0

Score

10^/10

macro

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

670011a08ddcde9d1892593a968f87e9e8800248f6bb9b8967b05ec4c34b64d0.docm

Resource

win7-20221111-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

670011a08ddcde9d1892593a968f87e9e8800248f6bb9b8967b05ec4c34b64d0.docm

Resource

win10v2004-20221111-en

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://belombre.com/js/bin.exe

Targets

- Target
  
  670011a08ddcde9d1892593a968f87e9e8800248f6bb9b8967b05ec4c34b64d0
- Size
  
  21KB
- MD5
  
  720f6555332b5fee6755debc506c6dd5
- SHA1
  
  4a2d406e5aff77159ee39067383302420231b045
- SHA256
  
  670011a08ddcde9d1892593a968f87e9e8800248f6bb9b8967b05ec4c34b64d0
- SHA512
  
  295238351c882e129ceaac7d8d248a40d24b2d085cc78817d3334f03b3bfc24fc2123bddfd393500ece4600ede743eb3b31f5d789a5153e577668658e8abfacc
- SSDEEP
  
  384:/imtZAqRZiSte7ZwedKS6w19Q/CEmkfsJyJ7sSMk+dRYHWfVMzPYkEx:/LZAqRZ7t2Zweww19Q6nSMk+Y2fVGP0
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy