Overview

overview

10

Static

static

8

5f88ca1aaf...b1.doc

windows7-x64

10

5f88ca1aaf...b1.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5f88ca1aaf3be23a9494d2490813fd17797025557042722e2a49d8508ec15bb1.doc

  • Size

    1.3MB

  • Sample

    240727-plmr3szapn

  • MD5

    3522ab23f2ac891db3002ea5846b155f

  • SHA1

    a2a57208c98edcdb96a90b72e3bed06e6a1c35f3

  • SHA256

    5f88ca1aaf3be23a9494d2490813fd17797025557042722e2a49d8508ec15bb1

  • SHA512

    2be7ed61fd02bbcf24b9637ec2ebbf97270dfc1e93ce11063202deb3d0f263135244edcf21eb1e3068c8637cdd52f1e20dd1130ae79373a3553eb13f44dcd74b

  • SSDEEP

    12288:OXm5/PgVHXloQgPUqCQjDaX2Ky3UCTrg06fE2z40LwfIQ2YZXXvGw4dbt0cLyMPj:OW5el9qORXxCgVc2zpkZn4dBnlq

Score
10/10
discoveryexecutionmacromacro_on_action

Malware Config

Targets

    • Target

      5f88ca1aaf3be23a9494d2490813fd17797025557042722e2a49d8508ec15bb1.doc

    • Size

      1.3MB

    • MD5

      3522ab23f2ac891db3002ea5846b155f

    • SHA1

      a2a57208c98edcdb96a90b72e3bed06e6a1c35f3

    • SHA256

      5f88ca1aaf3be23a9494d2490813fd17797025557042722e2a49d8508ec15bb1

    • SHA512

      2be7ed61fd02bbcf24b9637ec2ebbf97270dfc1e93ce11063202deb3d0f263135244edcf21eb1e3068c8637cdd52f1e20dd1130ae79373a3553eb13f44dcd74b

    • SSDEEP

      12288:OXm5/PgVHXloQgPUqCQjDaX2Ky3UCTrg06fE2z40LwfIQ2YZXXvGw4dbt0cLyMPj:OW5el9qORXxCgVc2zpkZn4dBnlq

    Score
    10/10
    discoveryexecution

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Drops startup file

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks