General

  • Target

    CVE.zip

  • Size

    79.2MB

  • Sample

    240115-yg6h3adhfn

  • MD5

    b4ab26243da277c0113ef42247bbb37d

  • SHA1

    f2015365678e76376a134389dbd89bb2b78c3d64

  • SHA256

    9570491dcce6999848abf097b40674634b2f6100d5eb9e6cdfa9aca6218f26b9

  • SHA512

    9756cc830183b2fa13ea5b751b5ab481d699cce760a32432dc8fdcd6ed248c05dc86db6c8d444dc05756c02b9cab5de1f892ca0ecf3dded5802c058ef874da29

  • SSDEEP

    1572864:/VTXp3YeIUOUfNg7v6ZuZvGwGhyASeUj9WkvTfH6zGYKJIdDh:NXRYeWU1g7v6ZOGzyAjUj1vTv6zFiy

Score
10/10

Malware Config

Extracted

Rule
Microsoft Office WebSettings Relationship
C2

http://investmenteducationkungykmtsdy8agender.duckdns.org/office/invoice_11153.doc

Targets

    • Target

      CVE.zip

    • Size

      79.2MB

    • MD5

      b4ab26243da277c0113ef42247bbb37d

    • SHA1

      f2015365678e76376a134389dbd89bb2b78c3d64

    • SHA256

      9570491dcce6999848abf097b40674634b2f6100d5eb9e6cdfa9aca6218f26b9

    • SHA512

      9756cc830183b2fa13ea5b751b5ab481d699cce760a32432dc8fdcd6ed248c05dc86db6c8d444dc05756c02b9cab5de1f892ca0ecf3dded5802c058ef874da29

    • SSDEEP

      1572864:/VTXp3YeIUOUfNg7v6ZuZvGwGhyASeUj9WkvTfH6zGYKJIdDh:NXRYeWU1g7v6ZOGzyAjUj1vTv6zFiy

    Score
    1/10

    • Target

      CVE/CVE-2010-2883/4c46e8f35ee5663cff59edcf6d5b9f51f491baf37079d33f8a24417c85a5cd9d.zip

    • Size

      692KB

    • MD5

      ac53ad653b1bbefadbbfc1e2b59c797c

    • SHA1

      ab61e401a73d721de5642df4843255c748381907

    • SHA256

      5e198fe2cf91527ca2bf8fc32551bf95daa765c711507124c98cec6852fc50b8

    • SHA512

      3a693fc99c66afe5dcbb25ed15c4b71007d1efe9ed75f09200b5d921fb1e7551136ca0180785ae524372a15d52e18ee409b4b1a262843e3e5139e2878e4c8eef

    • SSDEEP

      12288:7AskpVmpMCGxSq5ZjhdbjHIdMX5SiZkQNbNgsY3kI5uB3kkpz0UoIp+:7lWVeVGxSYjhNjMME3iAxUllpwUoIp+

    Score
    1/10

    • Target

      CVE/CVE-2013-2094/34574f0c683adda2944d2111f808239fedca8d6908ea8748e19b819683e752b6.zip

    • Size

      5KB

    • MD5

      87f25a0f8002ce336abfc23adfa0a07f

    • SHA1

      f2ddddb85ce4d76af1f615cced9556bf0006a3b6

    • SHA256

      7e7bcf34c872d975a3586507978f2d13be996c2ed51756eef0daa17acaaae8d8

    • SHA512

      91ec123a82c0efb6d540868a79246d032a612ae3440b768519e30a719fffb626b9246fc1465c31e93e91573880acbb95c4b38c8cc56f1a23a06bc66e2ea3dce7

    • SSDEEP

      96:tt+rVd2e4TqMrd0MWnw5e7YXQpwGM5OXhGjK2czBMD1WZD2yGQHrxqbkl0w1BmYm:tted2ZTrZ0MWnw877WOEj6sUZayGQLs/

    Score
    1/10

    • Target

      CVE/CVE-2016-7255/fec01ecfbc95ba154b19c1e9bb93edaa4bbed6628380b6670afe130e4b05c58b.zip

    • Size

      170KB

    • MD5

      fee6dc5b5b9a3c28d847917c8be04389

    • SHA1

      8f917bbc191831ab64573068bb37e9d343e02a4a

    • SHA256

      56dde708c9ab1eb4d75f47e2828651f9bff2bc3562d6a7c9b4f017f0c74736ae

    • SHA512

      a929f2e9b510e97acbe9930c4e5712a4e909b82697e96c24eed239fefdbb0f88e1dd2834d9a943eea71f115f167926d8a47a568cc18e1b1d8ce6acc5d710b8ee

    • SSDEEP

      3072:izVmrWaMCaC17nLtHAttP1yZypCUSTkD1Z3T/72hW5mDIoH1FDE9gdXptg8HjymD:izVKNa+7nxHAvUgC0b72IoV1hs83IGV

    Score
    1/10

    • Target

      CVE/CVE-2017-0199/b23aad76a523c780d42015490cff3209608454c016849f547e0584d78eaff4bb.zip

    • Size

      210KB

    • MD5

      1608f704942503a7c32545db75e917b5

    • SHA1

      4423fa4351ed327c4788cf038c654e5405fa4d68

    • SHA256

      38cfeb00dbc21f9350b34c0b1e413620b91ce36c2a9eedd33a8b9e45da41b611

    • SHA512

      8013e67f31d780c4c57804be2d370a83172dd9859619364a9b411e289c0cd405c3d32948bcdb9076fb6cbe81b9f84550f8a41ac897156bbce14c41abc065d706

    • SSDEEP

      6144:pqlun/T/tvBPlT+TruadCM4JU9Po6sz6A11Se:pqlunr/tZPl6T+JgPxsz310e

    Score
    1/10

    • Target

      CVE/CVE-2017-0199/f50686ddf8d9696bce0cde277261a7e901ec4ad3af1f57c71c3f24b1bc3fdb58.zip

    • Size

      9KB

    • MD5

      75f525f3e60d45c2335441b04187a50a

    • SHA1

      251077095a3a268f23305db1b3739a09f1909472

    • SHA256

      d0d4ee6d1da1173f6493dedf0dd405eb1f87859d5c7e5a61e7311feca147e576

    • SHA512

      59c9605c65350f87a661fcebef06d7f24217656e4a08c603852d2694710b995c1ac31794da5fdb57a98afc5558756fd886a3400e1699db12e43d36615d45a85f

    • SSDEEP

      192:W3OsjJlbu5jmCbpmZj5g4tilz84PADauMSvkcrpIxG5G1C3:63JlbupmCdmZj5gG/9MSvkcN+y6C3

    Score
    1/10

    • Target

      CVE/CVE-2017-0213/0a4a0f0df5eea57f16a76bff6489dd95a7089afba8e9e5c8bcadc46870af33fb.zip

    • Size

      68KB

    • MD5

      40acb79507e87af551e6b38ed2ac21cf

    • SHA1

      53bd13533513a8d0f1cd6cf3299b0bab0f992639

    • SHA256

      1ce65a0b5fddea28df6704cec19ca24e50be7649f46ad5d336ae3a25b301724f

    • SHA512

      e82a430a44ebdd03ddf427c3fff30d188594d0240a191dfbabb5a13f283e485c7d3f8f57403f726c7cc3c905ac080a6e97a80502897a2a29c1654d2f80c6683b

    • SSDEEP

      1536:ra9P//7kj6orE+KTTlhVW+asYkWuA8FlkRv4CM2XCMLt9NycE9QbwIGz6zEW4em:m9HQJYaskl8Fliv02yMLt9Ucnw56zE8m

    Score
    1/10

    • Target

      CVE/CVE-2017-0213/aac0c5ad612fb9a0ac3b4bbfd71b8931fc762f8e11fdf3ffb33ef22076f9c4bc.zip

    • Size

      77KB

    • MD5

      651cec85b42601f1e103308e4f268d47

    • SHA1

      bf7835ee3063d5d36e3b86cb78b79e2bbf7c86b7

    • SHA256

      09210a0c6ab2542f6d6924588bf3224e5c557fc98aca467704973f12a4760cd9

    • SHA512

      afee7688ed8242e572cc07aaaf9d37fba0da565599b6a5177dc7474e881c0d6c2e104d89a69ed6451849d89c0bac73dc5e7ca3c5bdee15ccf0332dbd66990552

    • SSDEEP

      1536:rBVFI6zBdvT0dH6W24/zRps3S1U2AREfjS+ykoXgYPHugJYHee87:vFbdFASKYULKkoXoeeo

    Score
    1/10

    • Target

      CVE/CVE-2017-11882/2e15de2fa5d58fb77fa17fe850cac04411b053d5d361a42f20d771252c44e7a7.zip

    • Size

      164KB

    • MD5

      59afe3da97536ab7a4044506bd039434

    • SHA1

      dcab62b5e41522ac00aac67a9771fbe05e402b45

    • SHA256

      2f4b3500e139b351dc0473ab827722ce1c1c05a65c65e030fa166f6ea15e7e1b

    • SHA512

      690084e2b684a1c9cd915bea043bec8b3d78b8185ec4d2e4a436f965ffb82422de14b07f95ba6f5a1866c0f15bf3f150dd3f363b5de0934a64971355ca5f395c

    • SSDEEP

      3072:xPuhJ5bA7DoJNvh+dEMwj4wnerxUlq5rdYlFDZTtXOQW3z6hsQoA:ub1JNp+qMs4btrdY3ZJXOQ6Qp

    Score
    1/10

    • Target

      CVE/CVE-2017-11882/94cee8a06bbddc2bf200c8b97cbcb670e50c9f0c07c9139def1034f71142a1ce.zip

    • Size

      27KB

    • MD5

      b4630b8f9568b210f10a1cafa6a6c12a

    • SHA1

      3143c99e094a2be0d406f9314b03ea15d11dab46

    • SHA256

      cc57306100320375bd388d2844f0d709ae5845bde9a4efdd8f73f724d396bfec

    • SHA512

      88c1c7e4a6e9b7696777fb8349e02de69134ab69a4327512fbcc1af0ed5ca8449976dbef26d9e3436b125b07dcbaae327af2f6eadc935f8a44f4895c09ee7e9b

    • SSDEEP

      768:vYSWMyIdgBOFJuTWbMnN79xD/zVixARk7cb:ASL9FJcdfViSRKcb

    Score
    1/10

    • Target

      CVE/CVE-2017-11882/dd6a5782cb05511209d6848f75652c9c9e2a41fdc75bc074141b3511484231ed.zip

    • Size

      345KB

    • MD5

      8b3c4c04fe117c7d99955075c843430f

    • SHA1

      8d028de95c6218f631235077caa0dd6a692d8a74

    • SHA256

      4eff85155eaf90d63490ffc726806013e3145454e0621415a2aebc3ba9cf6a23

    • SHA512

      bb519d1df634fd0bb1badc919cdd298868196fb7621ae94ffc8f740ae60a5d19e0df34666b39cc12e6aae0958b47ba00eb380f5ec213fe7774b6c74d9c0faa12

    • SSDEEP

      6144:nYkjCWhxEqpsKkL1jWtZJ230Ht2WIxe3Zu4MgLQGghjRyHAwGJHz/K6WKCwGnKwY:nYkjC8Z9A16F230vIIHMg8p+GJHz/VGY

    Score
    1/10

    • Target

      CVE/CVE-2018-8120/efa3f807a090dd6ed839496213cee3dfc6cef4633b45abb0f3b3a68b59ab416c.zip

    • Size

      37KB

    • MD5

      d86239a92147b494bc187bdb211f1e50

    • SHA1

      023c35648730a37eaeff0e04d649739c651b43de

    • SHA256

      926b970518fb7102154162d135dd98233959bbe4a31be8a18da8b95c2b80e9b5

    • SHA512

      c365c46d5f6228254955f52df192a02b5df4b1249e320e7ccf3d64526199b6924f8df956c1aa77e8e9fb03d7c3f1043844acd91e4fa2da8b674a567f67bd2f44

    • SSDEEP

      768:wZwkPmb3rZAkWAHpdAKmDagE56V0cMJtKp498r0ZzKosgKX/oY0XCOo:wZwku3rZOAHpdAK4a2WJtKpqjVKo0wVo

    Score
    1/10

    • Target

      CVE/CVE-2019-0752/b087bb92902e9a1efe451b332ded6196917e91b90a6301f09d76041aff0e053e.zip

    • Size

      2KB

    • MD5

      e6c5150b503be6b5d450f61db5aec093

    • SHA1

      45f0882bb362258c004ea013bd10f2e86150ba35

    • SHA256

      08c30d04080ca5151968b640fc94d61241eb16809db05d403f891805a13a1a7d

    • SHA512

      850932a33da73bac54191e291bdb5e417b3509ce4b5876084042ec0e165189f9463495f6878f82ad0ae6a1280ca940f364180fcf40f43fa3cb59d772fb9b098a

    Score
    1/10

    • Target

      CVE/CVE-2019-0752/f7f11acf012111e8777e9ee63c6bc9eeb42cca7b45b4d2094c6f61c7445f369d.zip

    • Size

      25KB

    • MD5

      20778617b830b8dc5f5a6a4e9d0df300

    • SHA1

      b48b1c5a8f6501ffd0a7487ec3c91cb5f6d6fc74

    • SHA256

      ee5f9122b4b11c14d45db6d800ac9e7a61d5940284b314402b01f366dfc72610

    • SHA512

      a90ac86c089f73ba198982b83d38b84e872c0cbd7e75a6a54c38ef1d5d4770c3f1e9f603138b2909ae2b74f1de2b9784700ada78b0ca5892e797c3f6b68b6408

    • SSDEEP

      384:/HkkWYjCpmkJZJakHGHy69y43axDq1mTNz90+0br/C8tvnwa214OjxCL2P5c+MEz:PQvpmkZn8/973Tc0RbrC85n0aOjE2iIJ

    Score
    1/10

    • Target

      CVE/CVE-2020-0668/25d0644abcd60f265f05633bab35cceb3e617b48334b3e8ddf0be3569aae31c4.zip

    • Size

      14KB

    • MD5

      50c10a1b6322ecec4b3ece56530029c2

    • SHA1

      998a0036c3842cc52c38bfcb224fca062f7942d3

    • SHA256

      a72bbfc2274e6cff42ab81ffe75653ba4275b3bbc231e76f5272092b458bfc41

    • SHA512

      557495f119877d1e52846cc456a9cc9ee88ad1c018ea8da4df64e8898966ae81f4ba5c069709669e59179fbb95cb432d16e31ea1f064ddf54cfcb262777d9ded

    • SSDEEP

      192:GRQtjTvi+38C2dng/cW1SqsDVuid0Pit9CALK7603TrE+hH8OrGpjMW3cjCeagRW:MQ9vVGa/DSDV30W9Cj60OOQLcjygW5X

    Score
    1/10

    • Target

      CVE/CVE-2020-7961/0e79ec7b00c14a4c576803a1fd2e8dd3ea077e4e98dafa77d26c0f9d6f27f0c9.zip

    • Size

      5KB

    • MD5

      c383bdb5fb958639ec5362aa2eedf02c

    • SHA1

      40e81ca53861fa725107ccf0ed9c55312bc9332a

    • SHA256

      197897bcf56f12f053c5d6d738866412de8a876ac617bfe26b4ce2e96609e7f6

    • SHA512

      b9d4b188a76d284fb95a21b0dcb406a05ce9c66f01abb9349fe25b543bf5391ed2a40cf23dc0d31482e8c7b376e384592e98abe5934b4aa0bced84406ef67770

    • SSDEEP

      96:lc88HncC0Fos30y391pHCPBV8aPMjPpd2b8xWs9fTA3ja+LmmdJ01XxcqH7rcuJX:m88Hctoxy391NCPBuaPsVr97A3/mmdqN

    Score
    1/10

MITRE ATT&CK Matrix

Tasks

static1

pdfevasionwebsettings
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10