Overview

overview

10

Static

static

8

c8edb29a5a...8.docm

windows7-x64

10

c8edb29a5a...8.docm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c8edb29a5a9c93f49cbf1d31863330594421c7146082812c4bb0ad01a9088418

  • Size

    15KB

  • Sample

    221130-vprhbsce8w

  • MD5

    b7dd6ccbbdf8b00433bd5b33239db913

  • SHA1

    5090e3f405956a5395121b2c3678f2283103f290

  • SHA256

    c8edb29a5a9c93f49cbf1d31863330594421c7146082812c4bb0ad01a9088418

  • SHA512

    93993a5642df340866ad720bff571f5ab46433491c698e5021912b515daa51ebf6bc414597e645d44704e69b09a833275c4c33261afee39f4fc63dd9b8134d1f

  • SSDEEP

    384:/imtzvdh2qTEmn0i13Ln4uRFX6Ujnw+3VqEkzB:/LS9cv13L1RAH+3Vqt

Score
10/10
macro

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://the.earth.li/~sgtatham/putty/latest/w32/putty.exe

Targets

    • Target

      c8edb29a5a9c93f49cbf1d31863330594421c7146082812c4bb0ad01a9088418

    • Size

      15KB

    • MD5

      b7dd6ccbbdf8b00433bd5b33239db913

    • SHA1

      5090e3f405956a5395121b2c3678f2283103f290

    • SHA256

      c8edb29a5a9c93f49cbf1d31863330594421c7146082812c4bb0ad01a9088418

    • SHA512

      93993a5642df340866ad720bff571f5ab46433491c698e5021912b515daa51ebf6bc414597e645d44704e69b09a833275c4c33261afee39f4fc63dd9b8134d1f

    • SSDEEP

      384:/imtzvdh2qTEmn0i13Ln4uRFX6Ujnw+3VqEkzB:/LS9cv13L1RAH+3Vqt

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks