General

  • Target

    edr.rar

  • Size

    69KB

  • Sample

    240403-r97hhaef5v

  • MD5

    2c9057ffae5c2d19aebdca3c9e30ef37

  • SHA1

    e78e542332ac2610ad57002ca1c96ead8b356d13

  • SHA256

    a98e991b22b3bf895e8a0ac765cf7ada32c0c12c143fcfc8940a30a4b406e736

  • SHA512

    2bfbf1628b82611cd094b3ac0d96baf2d4a8bd29ad9f5f06ba143334a015869e963ee1a12f7b5988960bfc5fb897ba2e58310cfb2ab069fbf6b3fecc7412bfec

  • SSDEEP

    1536:laF/W0yNi4dsr7MwyWVBnH9/BVd+U945avlkQj+UV:laF/gNk1NH9wrEvlkfUV

Targets

    • Target

      edr/database.docx

    • Size

      9KB

    • MD5

      7b60eb197938d6a10642f8b3970bb585

    • SHA1

      16bcfe4c9d2c39c23475ebea0edce80681dcbdf2

    • SHA256

      620584658dfb952c4f7794ba3889967644bb17e9950801ef63d56cc85950253b

    • SHA512

      6d6ac98934bfffe3bcd28bfa8535d13014df2bc0f0185b83e6ddac2554828dd34c0bfeccfc8bc3230d15de7861191368c8176727d1453da672e9a2016f8fb748

    • SSDEEP

      192:D3GHCRi/xJRPU15V1bSVLdB+n+2ZX4+XrO+T9d6RI2o2aK:D3GHYiJJhSb4r+n+8X4+XhTP4I2baK

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

MITRE ATT&CK Enterprise v15

Tasks