General

  • Target

    BASF Purchase Order.doc

  • Size

    75KB

  • Sample

    240603-kw4q5ahf2y

  • MD5

    79b8cf99303217fe4f267ba133e54c1e

  • SHA1

    32b19642fd76fb71c64bf73cd2ff5bb993a6c0a5

  • SHA256

    3a332f1b11c8801f0197a99e8a6984c0fe2cafa0a68d75d4779b9e9e875d55e8

  • SHA512

    9e75bdc1ffb067e6d7fcf6be16c6cafc62fabc99d2d777f8a6fda94866a8cd44660b136d2c92f1a6408fc8815eb023bdbe363c3b721e25cb7258995017bb9d56

  • SSDEEP

    768:owAbZSibMX9gRWjTMd2cLJpRXUx78Fl3lqrfQD:owAlRPd2cLJpprFl3QrE

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks