General

  • Target: a3ea89b61e3bf9a3a27ed3caf6ac26be.bin
  • Size: 32KB
  • Sample: 240427-b3922shc9s
  • MD5: 7b0e95ab337498ccd4f996f9455811c5
  • SHA1: 71d4338fb8d3db70499eb16894b212567925325a
  • SHA256: 081a28b091aa6742e3f93e0ed2090d33a8cba0e46b4825e77bfc1b5b4bbd27fa
  • SHA512: 41b9b03801466935972e3a8f7f5ada3fe19008b5af39b29969a2631e09befac26749b5b6c8c0c455156da3596b1eeb4973b3925125e0d44ef3184dca517b3b4a
  • SSDEEP: 768:n2D96/3ChYPG6YfvMOS4a/F5fs6Tnb67YCXEOTIq7nNC4234h01OqCb6VhFK/DmM:2D96PoYPGtHq4OVrb67TXNP7nNCwdq10

Score: 10/10

Malware Config

Targets

    • Target: 09251fe38ebaed5f4dc381ee06c811f5d78e6e65a60f51d6082d72e8772024ff.doc
    • Size: 36KB
    • MD5: a3ea89b61e3bf9a3a27ed3caf6ac26be
    • SHA1: de6ed557f4cc4da8ae83f89810768b1c3a0714cb
    • SHA256: 09251fe38ebaed5f4dc381ee06c811f5d78e6e65a60f51d6082d72e8772024ff
    • SHA512: d11a1de6e5a7371fbc682115c76a5c177cbc8a388478a616e9c936638ae8f5c1a8e12f2d4c9c6a8938a0fa6b3977f7db7fb4072a0e0cbb63fd8340bc61b243b3
    • SSDEEP: 768:ilqKCcKBFeSWjKif3y+5Jl7qRpqtfeMZ3VdiiZJYxbBSzDHaA:SRXKBFjWjN/y+5TuWQM9Vdfqbk/aA

    Score: 10/10

    Signatures:

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic           Technique                      ID      Count
  Defense Evasion  Modify Registry                T1112   1
  Discovery        Query Registry                 T1012   2
  Discovery        System Information Discovery   T1082   2
