General

  • Target

    ENTIRE_MESSAGE.eml

  • Size

    1.7MB

  • Sample

    230815-r6yfesdb2v

  • MD5

    40dd6131c64066450102cde1f266188f

  • SHA1

    2f907fda32782e3617d515c7af584f67b1516082

  • SHA256

    f88dfa42962178a8ae6c28ca80ea8aea32c37896075937e7180b0257dda55c05

  • SHA512

    caefbccde12e588516f50e6e1c30c166753671a125806bf6e5600c08b852f4c0d240848f91d1418f0879782645845570a8ea6415c861282922d88bc887874bfb

  • SSDEEP

    24576:FnUuSN7RqRBiPM2yzIpF+/rNPM3TAqTeU6+bxeJQSVATNkkPwe5q8CsQ:3Icn0E82

Score
10/10

Malware Config

Targets

    • Target

      specifikációk.xls

    • Size

      1.3MB

    • MD5

      dd80924ef01d631fffb4eff4311863d4

    • SHA1

      834921ed2647cde9d783f073f4208b692489d27b

    • SHA256

      38f7c5656140ebaed0b9ba69f1696576fff3d9ce5a87f77f1b2096277a4a0df6

    • SHA512

      223420a13c13634f7111a273ae294bbbed9e9db5e0a6f21e41d72f6e2771f055cc9c389deff1fef9a8d88b112ed4e52228958ee32eca73cda29a0f6e718001bf

    • SSDEEP

      24576:qaZy0w6VgjKaWlEzp7a0Zyaw6VejKaWlEzp7akzdXwyb7QAFQp5E/Qwrx:qE86VgjKjOzJy6VejKjOzDdB7/FX/QA

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
