General

  • Target

    recreatednewthingswithentrienewprocesswhichwedidwithouthavingsuchagereatthigstodoever_______greatthingstohappened.doc

  • Size

    82KB

  • Sample

    240726-mpbswascmk

  • MD5

    0a9c028203a8416be8db7371550d0fb5

  • SHA1

    2f576cdfbf4f60918676f6583265c504bdeefa21

  • SHA256

    a424c4312f97747efa22a627aa0c77c4f11022d171e11d3eeff00dd77b737520

  • SHA512

    51d92688abee365f550552c565ebc422000c6cdf6a0e58528922bde4323906cd85d3dcf7d29fb52adf9cdc4c59e3310704a25657b5a9683ed041087f7db01b69

  • SSDEEP

    384:kwiGEC30k0fWHuaN6oQeO3seC31xcxwV+k629/sYdhpfsl4ZnxP941:N1WWPNxssN31xcxc+kRsYdkl4Znr0

Score
8/10

Targets

    Score
    8/10
    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
