General

  • Target

    8dfedb354b4d23fb31c24d449dae841a40759d8ed04a904bbb271f08dfa6e006.doc

  • Size

    2.0MB

  • Sample

    230321-r438wsde51

  • MD5

    e63111495afd24a4c1b2750184ae1343

  • SHA1

    dab97a64d230868d0171608cae78dc470bc14a79

  • SHA256

    8dfedb354b4d23fb31c24d449dae841a40759d8ed04a904bbb271f08dfa6e006

  • SHA512

    32c6fc0b5f829772e04e2f4549c16fc11ec9f489f5e5992019464804ec0d1de4bc14fd3b6f991f5d857fb8e3dadc517736856c8f8e3e1fba46328387237031b6

  • SSDEEP

    49152:tA/JM+fA7G/K1c695qBC0FG/Q6c2+t1CtmVKiFNG+HtNSMb3nj+0NKwg:O++o7h+6vSVd1SifG+HtdjfP

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

  • Execution: Scheduled Task (1), T1053

  • Persistence: Scheduled Task (1), T1053

  • Privilege Escalation: Scheduled Task (1), T1053

  • Defense Evasion: Modify Registry (1), T1112

  • Discovery: Query Registry (1), T1012
