Resubmissions

25/06/2024, 08:51

240625-kr7l8azcrc (score 10)

General

  • Target: RY94HT.docx.doc
  • Size: 78KB
  • Sample: 240625-kr7l8azcrc
  • MD5: 8a9fa85139fa2d1703b9e829194386e3
  • SHA1: c806f09a1e941406ffc8172d85c2e811d77a2666
  • SHA256: e8f03287c51f6b2992c960c487de1b74d64571a590ce84de7aced738516d699c
  • SHA512: d354c017a0d5873e1fea65048cc1454f944badf8a6d742ec5081f44bae65e08e448c3d27ebf4b274d920aa6a9a5d45bac83705179f6b2f072aad7f504590ee96
  • SSDEEP: 1536:qYsWvkcezR1I/qpzVAG3yFqmlkxDvRwuThQgkMf5wzwrI2TafagDiGlOyS+n5cJ8:lXe912Gz3qlOvRxQgrfy92qagDiGloJ8

Score: 10/10

Malware Config

Targets

    • Process spawned unexpected child process
      This typically indicates the parent process was compromised via an exploit or macro.
    • Blocklisted process makes network request
    • Command and Scripting Interpreter: PowerShell
      Runs PowerShell with the display window hidden.
    • Abuses OpenXML format to download file from external location
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks