General

  • Target

    MDE_File_Sample_eeff9e6ca487420d461a3dada9150b73ec2d6218.zip

  • Size

    22.9MB

  • Sample

    230206-ttzttsaa71

  • MD5

    759cd6d7b838c7f31767543dedd18810

  • SHA1

    c3bda549a207391a835a3f32832102443c99cc1b

  • SHA256

    01c83f442cd36eeb2d86f0cc2182e6b5819262b107d9ab96bc650848f9b98332

  • SHA512

    91aba99d6babea7965da196a4525b1f607c010b0c9e056b06f57e745fcae5de19e711d43bcec094ed9ab060a85c6e54f75356ae0ea95f8f21172a6b40924451a

  • SSDEEP

    393216:JwLUEFIECWmv3SK2VEY99BnodQp+qG3+HJ2bmaHJgnKYh/7yJE4Eyi:JwFId8K2Vb9D5wh8J2SaG3h/7yy4Eyi

Targets

    • Target

      wordweb10.exe

    • Size

      23.1MB

    • MD5

      fd69dcafab00959c0baa687b94aa322d

    • SHA1

      eeff9e6ca487420d461a3dada9150b73ec2d6218

    • SHA256

      9ed47b0850d04ba9dc634ab35429ee7726531f22f2622c61a71aca10a5cd5c97

    • SHA512

      0e021a7cb673491ac447323f074f2effbd2643198a2e28e03e4c2fa3b978d06157af9680c4c4acae65f4a20f4a05514e47beb4a468ced60f8fa83796879f1fe3

    • SSDEEP

      393216:LUkmSfsWdVn/MTneIuNJ6/1et26/FJTSdQZ3ZgbkPkEorTax+7el2SNI2jxEoWZ1:LUmfBTunduS1lcFJTispakZ/BI22v0SJ

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
