General

  • Target

    Advanced Potion Making for Housewives.doc

  • Size

    34KB

  • Sample

    240524-sbtdnahh6s

  • MD5

    469b95fc86426a814f5da1ef157f4ef9

  • SHA1

    8f593a506441acff807bcc817f8ea4c39bba1c69

  • SHA256

    551ba458639eeb32bcf9466a145166979701f9e923167c6109f5a4628548aeef

  • SHA512

    fec0a9eedade34085a000ed9754d4ee78d5ef7c8cd7aacf81f982d55035c51f08f4dccf43f26543db9ad018aa7128fe6b58076263019bde9ab4d4e4f29b58530

  • SSDEEP

    192:j6a7eHQYZEvAqkf01Y6/6rJ984woO+QHj1gPja3xSdYinDSdhshBbw8ri50jgtz4:j6T5iSJPw+QD1gQ6z1hBNi50j05tpY

Malware Config

Targets

    • Target

      Advanced Potion Making for Housewives.doc

    Score: 10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks