General

  • Target

    Loch Ness Monster Research Log.doc

  • Size

    34KB

  • Sample

    240524-slwxjaae72

  • MD5

    3a18c5fb28a247ffa096836ad14e8409

  • SHA1

    c476a52481ba5b7a77ec8adf01b1d28ea3fcd5cd

  • SHA256

    5194f4a358da0c1a36ee7aae9d72d9f4d810ed7bfdf28b0ddf4b36ecf862535d

  • SHA512

    93f323d89da7f40c09a56fa228c6b682f38f28032ee89cba1748acbd5fda85884302970b62d10ed6aebb943037ba3b1a7b8c4470ea10f2703773d8fce819b121

  • SSDEEP

    384:Eiy5O6e7iSJPw+QD1xvlzWJBIX50jNet:nM+kBlVJ

Targets

    • Target

      Loch Ness Monster Research Log.doc

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke Web Request.
