Overview

overview

8

Static

static

1

weneedgrea...et.rtf

windows7-x64

8

weneedgrea...et.rtf

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    weneedgreatthingsalwaystogetmehairdrandtgreatthingsonheretoheighhmangotreeonhere_____________bettermangotreeonheretoget.doc

  • Size

    77KB

  • Sample

    240731-mnes5stard

  • MD5

    4b9305dcc211e64941a71120617c8983

  • SHA1

    53b7292c31055f3e50e555542ce517bd0237b1a0

  • SHA256

    60415ee85c74fc9666c2445a4a36db0dbab76a25de01af187cb96ee83f492100

  • SHA512

    7d84b0c4c8bb2217f4072032f1179de1d116ca10d7842c77740b56a0671400c5032986ba5967d5b8836bd25e818ba06487531f090a9a6d3ee7dbbd68e4370923

  • SSDEEP

    384:TpTZwOjBKrUqMtpOrxdc5gEp2wZTNvK3iH5kreVI9RIebbusxSMwq:TpVwOjkrUKYgkpKSHpVIP9bbusxSc

Score
8/10
discoveryexecution

Malware Config

Targets

    • Target

      weneedgreatthingsalwaystogetmehairdrandtgreatthingsonheretoheighhmangotreeonhere_____________bettermangotreeonheretoget.doc

    • Size

      77KB

    • MD5

      4b9305dcc211e64941a71120617c8983

    • SHA1

      53b7292c31055f3e50e555542ce517bd0237b1a0

    • SHA256

      60415ee85c74fc9666c2445a4a36db0dbab76a25de01af187cb96ee83f492100

    • SHA512

      7d84b0c4c8bb2217f4072032f1179de1d116ca10d7842c77740b56a0671400c5032986ba5967d5b8836bd25e818ba06487531f090a9a6d3ee7dbbd68e4370923

    • SSDEEP

      384:TpTZwOjBKrUqMtpOrxdc5gEp2wZTNvK3iH5kreVI9RIebbusxSMwq:TpVwOjkrUKYgkpKSHpVIP9bbusxSc

    Score
    8/10
    discoveryexecution

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks