General

  • Target

    Facture.docm

  • Size

    505KB

  • Sample

    240604-tb8n1scf77

  • MD5

    748b7fcafc15b5080e50d6190be570b4

  • SHA1

    918be8df9562fb4f736e9df72aa0eb8d25d8eb0a

  • SHA256

    9258e57974d5a80470a582e5ca6a22a11bda60ae2c7de1776845b70bc0697bf8

  • SHA512

    e4724d9c12ae3684a2066b7276978dbac709cf6124f7ae93759380e7b8c83d9139c50c7890259ed7178cb234af0501a17042def775cc4b3aa4090449e946cd2e

  • SSDEEP

    12288:oF88TNPJ+GW2FIpXGPhIlceCgqsv/0w7ZO0dwWVj19uJEw+YeUe1:6bxFWsAGoCDsEwc9G9uIYe7

Score
10/10

Malware Config

Targets

    • Target

      Facture.docm

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

MITRE ATT&CK Enterprise v15

Tasks