Overview

overview

10

Static

static

8

451f50db8b...f.dotm

windows7-x64

10

Resubmissions

17-03-2023 10:35

230317-mm4qwahg8t 10

17-03-2023 10:19

230317-mchewsff97 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    451f50db8bc6719f3d34abc3ee3b907ac999c4139b58cab91066248d3b04c80f.docx

  • Size

    21KB

  • Sample

    230317-mm4qwahg8t

  • MD5

    d382cc7f10fdaec150184941b68cf39e

  • SHA1

    48246205890e1ad8b1d8ceb252f2f79ada5d5750

  • SHA256

    451f50db8bc6719f3d34abc3ee3b907ac999c4139b58cab91066248d3b04c80f

  • SHA512

    edecc7994edc895af26bb7615216316711ea887260b1108a8cc5fb9d747b1d4fb7d97940ebdc68d202aaf9a173686104627f660800ee73c532a2d14096e8c7ba

  • SSDEEP

    384:tmtGJQNvuJgxw79kY9+zpfcKl2HnQSB6sx9B3dX:q+QhuJgx6k/52HQSBxx9X

Score
10/10
macro

Malware Config

Targets

    • Target

      451f50db8bc6719f3d34abc3ee3b907ac999c4139b58cab91066248d3b04c80f.docx

    • Size

      21KB

    • MD5

      d382cc7f10fdaec150184941b68cf39e

    • SHA1

      48246205890e1ad8b1d8ceb252f2f79ada5d5750

    • SHA256

      451f50db8bc6719f3d34abc3ee3b907ac999c4139b58cab91066248d3b04c80f

    • SHA512

      edecc7994edc895af26bb7615216316711ea887260b1108a8cc5fb9d747b1d4fb7d97940ebdc68d202aaf9a173686104627f660800ee73c532a2d14096e8c7ba

    • SSDEEP

      384:tmtGJQNvuJgxw79kY9+zpfcKl2HnQSB6sx9B3dX:q+QhuJgx6k/52HQSBxx9X

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Deletes itself

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks