c0587da12abc35d421d5cfb374785b021b0c6c07868d12202ea2074b3cf39def | Triage

Submit
Reports

Overview

overview

8

Static

static

1

SecuriteIn...69.rtf

windows7-x64

8

SecuriteIn...69.rtf

windows10-2004-x64

1

Sharing

General

Target

SecuriteInfo.com.Exploit.CVE-2017-11882.123.23495.2369.rtf
Size

72KB
Sample

240730-bpj9gazhnm
MD5

625a04a93d1ab1ffac8c456c25d98b93
SHA1

f52a29f1a540c218a8587d4fc81ff209288a7f3c
SHA256

c0587da12abc35d421d5cfb374785b021b0c6c07868d12202ea2074b3cf39def
SHA512

159775ed99ef6eb7ff9edb193208a1831c43074c737d608d78c91bd8bf35d4a801d914b4214958aad38edec943a920389a3e980233b8e9f58c3864986470dec9
SSDEEP

384:l0uKlMPlWYlweoKVLliD/k4gphmStYaFiYXl83D2jIcwMfXEVNkKT:ykXIKVLlOk4gphm4Xl8D2jIcwM/2p

Score

8^/10

discovery execution

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Exploit.CVE-2017-11882.123.23495.2369.rtf

Resource

win7-20240708-en

discovery execution

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Exploit.CVE-2017-11882.123.23495.2369.rtf

Resource

win10v2004-20240709-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Exploit.CVE-2017-11882.123.23495.2369.rtf
- Size
  
  72KB
- MD5
  
  625a04a93d1ab1ffac8c456c25d98b93
- SHA1
  
  f52a29f1a540c218a8587d4fc81ff209288a7f3c
- SHA256
  
  c0587da12abc35d421d5cfb374785b021b0c6c07868d12202ea2074b3cf39def
- SHA512
  
  159775ed99ef6eb7ff9edb193208a1831c43074c737d608d78c91bd8bf35d4a801d914b4214958aad38edec943a920389a3e980233b8e9f58c3864986470dec9
- SSDEEP
  
  384:l0uKlMPlWYlweoKVLliD/k4gphmStYaFiYXl83D2jIcwMfXEVNkKT:ykXIKVLlOk4gphm4Xl8D2jIcwM/2p
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

© 2018-2024

Terms | Privacy