General

  • Target

    BEM00263.docx

  • Size

    22KB

  • Sample

    231122-dl778shh28

  • MD5

    92ef75a3ee0a68490eff334e4dcd7627

  • SHA1

    a45dc186286d95acf747f9aa521fb3b39a229b07

  • SHA256

    d16b6458ecfca8bfe19aff18071efcf91d1d5b11c056f1a764044e1242e8f15e

  • SHA512

    dbe5020d6e36d2d8cdbb55328de1e19e2c86dfff491850bdaec68ed975da1c0b47f5f3695cfab896090797fd92daed80e4953952e2434db33d0c5509644bd98d

  • SSDEEP

    384:LrR+wlG6f59UORfqNy4Y0Fivd7ZMM4EUS9rDhCl0mppO7+S88m91v8tIQ:LrpomfsRYKiAMx9Xg0mpa6Z8

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro: a document viewer has no ordinary reason to launch a new executable.

    • Blocklisted process makes network request

      A process on the sandbox's blocklist, one that is not expected to initiate outbound connections on its own, reached out to the network.

    • Downloads MZ/PE file

      Content fetched over the network carried the MZ/PE header of a Windows executable.

    • Abuses OpenXML format to download file from external location

      The document package contains a relationship whose TargetMode is External (commonly a remote attached template referenced from word/_rels/settings.xml.rels), so Word resolves a URL taken from the package when the document is opened, with no macro required.

    • Executes dropped EXE

      A file written to disk during the run was started as a new process.

    • Loads dropped DLL

      A DLL written to disk during the run was loaded into a process.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register state; outside a debugger it is typical of process hollowing or thread hijacking, where execution is redirected into injected code.
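
The "Abuses OpenXML format" signature above boils down to one static check: does any relationships part inside the .docx zip declare a target with TargetMode="External"? The following Python scanner is an added example, not part of this report or of the sandbox that produced it. It opens a .docx as a zip, parses every .rels part, and separates targets Word resolves on its own when the file opens (attached template, linked OLE object, linked picture, frame) from plain hyperlinks that only fire on a click. The helper build_sample_docx constructs a minimal test document in memory; the URLs in it are placeholders, not indicators from this sample, and the rule that every non-hyperlink external relationship is fetched without a click is an assumption of the example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

PKG_REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
HYPERLINK_TYPE = OFFICE_REL + "hyperlink"


def find_external_relationships(docx_bytes):
    """Return (rels_part, rel_type, target) for every relationship in any .rels
    part whose TargetMode is External. The attribute defaults to Internal, so a
    missing TargetMode never counts as external."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                # A relationships part the parser rejects deserves a look of its own.
                findings.append((name, "malformed-rels", ""))
                continue
            for rel in root.iter("{%s}Relationship" % PKG_REL_NS):
                if rel.get("TargetMode", "Internal").lower() == "external":
                    findings.append((name, rel.get("Type", ""), rel.get("Target", "")))
    return findings


def triage(docx_bytes):
    """Split external targets into those Word resolves by itself when the document
    opens and hyperlinks, which only fire on a click. Assumption of this example:
    every external relationship that is not a hyperlink is treated as auto-fetched."""
    result = {"fetched_on_open": [], "user_triggered": []}
    for part, rel_type, target in find_external_relationships(docx_bytes):
        short_type = rel_type.rsplit("/", 1)[-1]
        if rel_type == HYPERLINK_TYPE:
            result["user_triggered"].append((part, target))
        else:
            result["fetched_on_open"].append((part, short_type, target))
    return result


def build_sample_docx(template_url=None, link_url="https://example.com/"):
    """Constructed minimal .docx for testing (not the sample from this report).
    With template_url set, word/_rels/settings.xml.rels carries an external
    attachedTemplate relationship (the remote-template layout); the document part
    always carries one ordinary hyperlink."""
    rels_open = '<Relationships xmlns="%s">' % PKG_REL_NS
    settings_rels = rels_open
    settings_body = ""
    if template_url:
        settings_rels += ('<Relationship Id="rId1" Type="%sattachedTemplate" '
                          'Target="%s" TargetMode="External"/>' % (OFFICE_REL, template_url))
        settings_body = '<w:attachedTemplate r:id="rId1"/>'
    settings_rels += "</Relationships>"
    w_ns = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
    parts = {
        "[Content_Types].xml": (
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/>'
            '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
            '<Override PartName="/word/settings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml"/>'
            "</Types>"),
        "_rels/.rels": (
            rels_open
            + '<Relationship Id="rId1" Type="%sofficeDocument" Target="word/document.xml"/>' % OFFICE_REL
            + "</Relationships>"),
        "word/document.xml": '<w:document xmlns:w="%s"><w:body><w:p/></w:body></w:document>' % w_ns,
        "word/_rels/document.xml.rels": (
            rels_open
            + '<Relationship Id="rId1" Type="%ssettings" Target="settings.xml"/>' % OFFICE_REL
            + '<Relationship Id="rId2" Type="%shyperlink" Target="%s" TargetMode="External"/>' % (OFFICE_REL, link_url)
            + "</Relationships>"),
        "word/settings.xml": '<w:settings xmlns:w="%s" xmlns:r="%s">%s</w:settings>'
                             % (w_ns, OFFICE_REL.rstrip("/"), settings_body),
        "word/_rels/settings.xml.rels": settings_rels,
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, xml in parts.items():
            zf.writestr(name, xml)
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    # Scan a real file if one is given, otherwise the constructed remote-template sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample_docx("http://example.invalid/template.dotm")
    for bucket, hits in triage(data).items():
        for hit in hits:
            print(bucket, *hit)
```

Run it against a suspect .docx path to list every external target by relationship type and the part that declares it; anything in the fetched_on_open bucket is the static counterpart of the sandbox's network signatures and is worth blocking or detonating before the file reaches a user.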

MITRE ATT&CK Enterprise v15

Tasks