Resubmissions

  • 17-03-2023 10:17, 230317-mbr8pshf9x, 10
  • 16-03-2023 13:49, 230316-q42vdsba75, 10
  • 16-03-2023 13:38, 230316-qxl6csdc9w, 10

General

  • Target

    MDE_File_Sample_cf9e4c7534e0116cae7f8714e3284061ce058ff6.zip

  • Size

    658KB

  • Sample

    230317-mbr8pshf9x

  • MD5

    64255eb2063a52f65970fdf1cb0c85df

  • SHA1

    00f06987ac2bf9a79138dbe0837d76afe63b5088

  • SHA256

    4e943075967fb249b56a16f3f7c9d647e98d6d85af2b162aa623ee7fc33dc331

  • SHA512

    85f718dda27ff9d89910aa9d2c19e695c9770e88e0f4144f9e2ab8022972767c788699d40a2f9b3f3142a3ca30f4beda2627e574ae4f6ddbc1cd46474160415b

  • SSDEEP

    12288:PyXIqz8+7UpplLvc+sB/imDYQnpVglo08YprdZlA0LIhCHotWZ/j/IG0Do:q4m8fxvi/iGtMlLZi0THUM

Score
10/10

Targets

    • Target

      gescanntes-Dokument.doc

    • Size

      535.8MB

    • MD5

      10b71d7f695ac3f1a6267d132c825db6

    • SHA1

      02a7b36c21a416b9a2b094a0a3b6eed005673985

    • SHA256

      3695ed0ba836d615bbadea21eefaf5c0b565a4af6aff8c09aba17b3e3dbd2ada

    • SHA512

      6686b2d0f608151b8268991c39e7f39acf1a8f13abc421b8679e1c32e4bd5c96b77e1a7a8ac2e58b011a0bebf5ee187b022bdaeebfa143bc1016ba75eca10303

    • SSDEEP

      12288:XxYDQ8EW+Ba+qKYR08a72L2X0dMzPPqvBUEu3uNsRAPYwT4q3MJ/d:2DPElaSUqqafj9Q4ZJ/d

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry, 1, T1112

Tasks