Overview

overview

8

Static

static

1

e677d8183d...d3.rtf

windows7-x64

8

e677d8183d...d3.rtf

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e677d8183d89a410a3ce59db5a2722d3.rtf

  • Size

    90KB

  • Sample

    240719-hvcj5s1frd

  • MD5

    e677d8183d89a410a3ce59db5a2722d3

  • SHA1

    969255020b8e5b9cf16ffa6dd7c8f931e7b68ce7

  • SHA256

    5705cdd93bd849acc4bfc1a9a2fa9b4c6f9e4b1dd1dbd43b0e8b35c32519d6d2

  • SHA512

    8f7369c3de05953613c246a1312a6ccfb6c416e458ddd55efdfb96c0ef569832aea51a52527fbfd5f7c36e1613c59358c425e5d8cdbf51d5bf4fb63a2bc16cc5

  • SSDEEP

    384:Vgn/TJl/8FdlK+gqigv0C7xAlEM5jUbTMbyi9thdIhFRi2mnk0PKk6Ut6jvWdlKv:YuF22+iM5jZbyShdIjFJu2

Score
8/10
execution

Malware Config

Targets

    • Target

      e677d8183d89a410a3ce59db5a2722d3.rtf

    • Size

      90KB

    • MD5

      e677d8183d89a410a3ce59db5a2722d3

    • SHA1

      969255020b8e5b9cf16ffa6dd7c8f931e7b68ce7

    • SHA256

      5705cdd93bd849acc4bfc1a9a2fa9b4c6f9e4b1dd1dbd43b0e8b35c32519d6d2

    • SHA512

      8f7369c3de05953613c246a1312a6ccfb6c416e458ddd55efdfb96c0ef569832aea51a52527fbfd5f7c36e1613c59358c425e5d8cdbf51d5bf4fb63a2bc16cc5

    • SSDEEP

      384:Vgn/TJl/8FdlK+gqigv0C7xAlEM5jUbTMbyi9thdIhFRi2mnk0PKk6Ut6jvWdlKv:YuF22+iM5jZbyShdIjFJu2

    Score
    8/10
    execution

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks