General

  • Target

    0bf7da0f25207576120c998df04bd26dc9804eac1fdd20aaddb579ed1a07ea1a.doc

  • Size

    2.0MB

  • Sample

    230124-3sd1eafh3s

  • MD5

    fce399c585eb54bd65f47d6b967e3168

  • SHA1

    84d85068b9ffee61893566333fd08fb0182d5f53

  • SHA256

    0bf7da0f25207576120c998df04bd26dc9804eac1fdd20aaddb579ed1a07ea1a

  • SHA512

    299bbf15505ce278a352bd4a93a4dab2083d974b79e324748629e986489f16459403e1a8db29c04c073336d97d881c9430d07f503651221e0c2da5d04c7e6209

  • SSDEEP

    1536:JFFhFFFFTqPnFFFFzFFxFFFsFFFFFlFFe606HHHHHHHH3NmuwUlLdoo6HfLRGg1N:dwh3/0g1Ht

Malware Config

Targets

    • Target

      0bf7da0f25207576120c998df04bd26dc9804eac1fdd20aaddb579ed1a07ea1a.doc

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  • Scheduled Task (T1053): 1

Persistence

  • Hidden Files and Directories (T1158): 2

  • Scheduled Task (T1053): 1

Privilege Escalation

  • Scheduled Task (T1053): 1

Defense Evasion

  • Hidden Files and Directories (T1158): 2

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks