f0d99b7056dac946af19b50e27855b89f00550d3d8dc420a28731814a039d052 | Triage

Submit
Reports

Overview

overview

Static

static

8

f0d99b7056...52.doc

windows7-x64

f0d99b7056...52.doc

windows10-2004-x64

Sharing

General

Target

f0d99b7056dac946af19b50e27855b89f00550d3d8dc420a28731814a039d052
Size

496KB
Sample

240410-r873msbh53
MD5

664104684583dcca00c6aa94b2d5e8ca
SHA1

9b41eac0a97ab72885cd15e4d6beb93cfc55ae6d
SHA256

f0d99b7056dac946af19b50e27855b89f00550d3d8dc420a28731814a039d052
SHA512

aad9b61dd58fdb8e0c2bbcaf4da4e57fed86c59bfbeef4db91dbf9bc9b58aca98bd93f19c3ea27684c72bff5c8bb13efd4a1f7373db7fbe4954a87df1e3fa4ea
SSDEEP

12288:w+ImtwTAC9FbeVlzxhSBEc4xcNUqws24z7rcr:w+qn9lANxhSSlmNPwsDPr

Score

10^/10

macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

f0d99b7056dac946af19b50e27855b89f00550d3d8dc420a28731814a039d052.doc

Resource

win7-20240221-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

f0d99b7056dac946af19b50e27855b89f00550d3d8dc420a28731814a039d052.doc

Resource

win10v2004-20240226-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

http://1833.site/rsm1975.exe

Targets

- Target
  
  f0d99b7056dac946af19b50e27855b89f00550d3d8dc420a28731814a039d052
- Size
  
  496KB
- MD5
  
  664104684583dcca00c6aa94b2d5e8ca
- SHA1
  
  9b41eac0a97ab72885cd15e4d6beb93cfc55ae6d
- SHA256
  
  f0d99b7056dac946af19b50e27855b89f00550d3d8dc420a28731814a039d052
- SHA512
  
  aad9b61dd58fdb8e0c2bbcaf4da4e57fed86c59bfbeef4db91dbf9bc9b58aca98bd93f19c3ea27684c72bff5c8bb13efd4a1f7373db7fbe4954a87df1e3fa4ea
- SSDEEP
  
  12288:w+ImtwTAC9FbeVlzxhSBEc4xcNUqws24z7rcr:w+qn9lANxhSSlmNPwsDPr
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

© 2018-2024

Terms | Privacy