Overview

overview

10

Static

static

8

DOCUMENTO ...-.docm

windows7-x64

10

DOCUMENTO ...-.docm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DOCUMENTO DE EJEMPLO -.docm

  • Size

    76KB

  • Sample

    230330-lkbrmsca32

  • MD5

    ffc30716b9d1a573c91baecc7c78dd11

  • SHA1

    e0bd9f5b1e8360778466f6e66a8f1b5104dae1ea

  • SHA256

    36efb55ec131f10035c95424d1352b564989af80d8a8a8580434a6528e2bc6e9

  • SHA512

    dfc3df6ea5191b38eb2f2d524d4374ad1eca7225a0ec9f6f165caf54436c2359b241e6262d845a33b4cfe8596bece076527f4dd3529f3838acfccf2f6477bd30

  • SSDEEP

    1536:ZoRFzjY13RQIcS1TIF0Ide4Pyc7orwTUSfxouET8j:eRZc8ATIF0Ide4PyZSfX

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://192.168.0.109/Invoke-PowerShellTcp.ps1

Targets

    • Target

      DOCUMENTO DE EJEMPLO -.docm

    • Size

      76KB

    • MD5

      ffc30716b9d1a573c91baecc7c78dd11

    • SHA1

      e0bd9f5b1e8360778466f6e66a8f1b5104dae1ea

    • SHA256

      36efb55ec131f10035c95424d1352b564989af80d8a8a8580434a6528e2bc6e9

    • SHA512

      dfc3df6ea5191b38eb2f2d524d4374ad1eca7225a0ec9f6f165caf54436c2359b241e6262d845a33b4cfe8596bece076527f4dd3529f3838acfccf2f6477bd30

    • SSDEEP

      1536:ZoRFzjY13RQIcS1TIF0Ide4Pyc7orwTUSfxouET8j:eRZc8ATIF0Ide4PyZSfX

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks