57fa6b0245f3a5009e57da1d0cac9466f07e61bf37db7d3c9f59eee2ce4db1e7 | Triage

Submit
Reports

Overview

overview

Static

static

8

57fa6b0245...e7.doc

windows7-x64

57fa6b0245...e7.doc

windows10-2004-x64

Sharing

General

Target

57fa6b0245f3a5009e57da1d0cac9466f07e61bf37db7d3c9f59eee2ce4db1e7
Size

385KB
Sample

240410-m6532sde24
MD5

18889d70d5546b861c6fa4ec11126942
SHA1

eef7ed8bd9bcee074e917cf295badf9ad5de936f
SHA256

57fa6b0245f3a5009e57da1d0cac9466f07e61bf37db7d3c9f59eee2ce4db1e7
SHA512

3c29433131e3a039eccbe459a56042e639c39700caaa2c8d7bffa7bb61021f14c8bf58ccbabb5a4a4a8fb056e5c086b13aaea7464d2c9cc6f1d74cada2cd2646
SSDEEP

6144:55fBfm2t8aGhy50K+gGm7R82m4FX36pr0Ko2:5Xm2tVGhy50O7K2D9Ku

Score

10^/10

macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

57fa6b0245f3a5009e57da1d0cac9466f07e61bf37db7d3c9f59eee2ce4db1e7.doc

Resource

win7-20231129-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

57fa6b0245f3a5009e57da1d0cac9466f07e61bf37db7d3c9f59eee2ce4db1e7.doc

Resource

win10v2004-20240226-en

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://www.4sync.com/web/directDownload/nJJrbwEJ/rHb0lMWD.782eb24360173e96058a01a45c67031e

Targets

- Target
  
  57fa6b0245f3a5009e57da1d0cac9466f07e61bf37db7d3c9f59eee2ce4db1e7
- Size
  
  385KB
- MD5
  
  18889d70d5546b861c6fa4ec11126942
- SHA1
  
  eef7ed8bd9bcee074e917cf295badf9ad5de936f
- SHA256
  
  57fa6b0245f3a5009e57da1d0cac9466f07e61bf37db7d3c9f59eee2ce4db1e7
- SHA512
  
  3c29433131e3a039eccbe459a56042e639c39700caaa2c8d7bffa7bb61021f14c8bf58ccbabb5a4a4a8fb056e5c086b13aaea7464d2c9cc6f1d74cada2cd2646
- SSDEEP
  
  6144:55fBfm2t8aGhy50K+gGm7R82m4FX36pr0Ko2:5Xm2tVGhy50O7K2D9Ku
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

© 2018-2025

Terms | Privacy