General

  • Target

    New_Recovery_Tool_to_help_with_CrowdStrike_issue_impacting_Windows.docm

  • Size

    302KB

  • Sample

    240722-q489ga1fnk

  • MD5

    dd2100dfa067caae416b885637adc4ef

  • SHA1

    499f8881f4927e7b4a1a0448f62c60741ea6d44b

  • SHA256

    803727ccdf441e49096f3fd48107a5fe55c56c080f46773cd649c9e55ec1be61

  • SHA512

    809a6c7a3d83cc9b025a3109778be1d92db509d12202a30ecb31b8c8fbaeae2a50732e36d41b065b10ab64d04990e46173e09e01799bb54f8a93e725e111deda

  • SSDEEP

    6144:LkNC0FaiQjxrRbX1o/EUk1DPFVpigBHbP4Z4IU1vmR8:LkNCcC6cf1xVpJNP0QNs8

Score
10/10

Targets

    • Target

      New_Recovery_Tool_to_help_with_CrowdStrike_issue_impacting_Windows.docm

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro. For a .docm sample the parent is normally the Office application that opened the document, which should rarely spawn children at all.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.
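The five signatures above describe behaviour that can be matched in endpoint telemetry. What follows is an added example, not code from the sandbox or from this report: a small Python analyser that walks a Sysmon-style event trace in order and attributes each signature name to the events that triggered it, treating "dropped" statefully (a file only counts as dropped once a file_create for it has been seen, so executing or loading it afterwards is what fires the signature). The event records, paths, process names and the allow/blocklists are constructed assumptions, not data taken from the report.

```python
"""Detection logic for the behaviours this report flags on the .docm sample.

Added example, not code from the sandbox or the report. The event records and
every path, host and process below are constructed for illustration; the
allow- and blocklists are assumptions to be tuned per estate.
"""
from __future__ import annotations

from collections import defaultdict
import ntpath

# Office hosts that should rarely spawn child processes (assumed set).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Children Office spawns legitimately, e.g. the print spooler proxy (assumed allowlist).
BENIGN_OFFICE_CHILDREN = {"splwow64.exe"}
# Script hosts and LOLBins whose outbound traffic is treated as blocklisted (assumed).
BLOCKLISTED_NET = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                   "mshta.exe", "certutil.exe", "bitsadmin.exe", "rundll32.exe",
                   "regsvr32.exe"}
# Browser credential and cookie stores (Chromium and Firefox file names).
BROWSER_STORES = {"login data", "cookies", "web data", "logins.json", "key4.db",
                  "cookies.sqlite"}


def _base(path: str) -> str:
    """Case-folded file name of a Windows path."""
    return ntpath.basename(path).lower()


def analyze(events: list[dict]) -> dict[str, list[int]]:
    """Walk a process/file/network trace in order and return, per signature
    name from the report, the ids of the events that triggered it."""
    dropped: set[str] = set()          # paths written earlier in the trace
    hits: dict[str, list[int]] = defaultdict(list)
    for ev in events:
        kind = ev["type"]
        if kind == "file_create":
            dropped.add(ev["target"].lower())
        elif kind == "process_create":
            parent, child = _base(ev["parent_image"]), _base(ev["image"])
            if parent in OFFICE_PARENTS and child not in BENIGN_OFFICE_CHILDREN:
                hits["Process spawned unexpected child process"].append(ev["id"])
            if ev["image"].lower() in dropped:
                hits["Executes dropped EXE"].append(ev["id"])
        elif kind == "image_load":
            if ev["image_loaded"].lower() in dropped:
                hits["Loads dropped DLL"].append(ev["id"])
        elif kind == "network_connect":
            if _base(ev["image"]) in BLOCKLISTED_NET:
                hits["Blocklisted process makes network request"].append(ev["id"])
        elif kind == "file_read":
            if _base(ev["target"]) in BROWSER_STORES:
                hits["Reads user/profile data of web browsers"].append(ev["id"])
    return dict(hits)


# Constructed trace resembling what opening a macro-bearing .docm could produce.
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
TMP = r"C:\Users\victim\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"id": 1, "type": "process_create", "parent_image": OFFICE, "image": PS},
    {"id": 2, "type": "file_create", "image": PS, "target": TMP + r"\recovery.exe"},
    {"id": 3, "type": "file_create", "image": PS, "target": TMP + r"\helper.dll"},
    {"id": 4, "type": "process_create", "parent_image": PS, "image": TMP + r"\recovery.exe"},
    {"id": 5, "type": "image_load", "image": TMP + r"\recovery.exe",
     "image_loaded": TMP + r"\helper.dll"},
    {"id": 6, "type": "network_connect", "image": PS, "dest": "203.0.113.5:443"},
    {"id": 7, "type": "file_read", "image": TMP + r"\recovery.exe",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    # Benign noise that must not fire: Office's print proxy and an ordinary document read.
    {"id": 8, "type": "process_create", "parent_image": OFFICE,
     "image": r"C:\Windows\splwow64.exe"},
    {"id": 9, "type": "file_read", "image": OFFICE,
     "target": r"C:\Users\victim\Documents\notes.txt"},
]

if __name__ == "__main__":
    for name, ids in analyze(SAMPLE_EVENTS).items():
        print(f"{name}: events {ids}")
```

Run on the constructed trace, each of the five signatures is attributed to exactly one event (1, 4, 5, 6 and 7) while the allowlisted child and the ordinary document read produce nothing. Keying "dropped" on a prior file_create rather than on a user-writable directory keeps the rule from firing on installers or updaters that legitimately run from %TEMP%, at the cost of missing a payload written before logging started.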

MITRE ATT&CK Enterprise v15
