31300645371f90f83ca6aa058503fa7c2ba386f496ac181a6b287ba7ba1ea10e | Triage

Submit
Reports

Overview

overview

8

Static

static

8

3130064537...0e.doc

windows7-x64

7

3130064537...0e.doc

windows10-2004-x64

7

Sharing

General

Target

31300645371f90f83ca6aa058503fa7c2ba386f496ac181a6b287ba7ba1ea10e
Size

1.9MB
Sample

240812-j4lpvaxalf
MD5

1ee73b17111ab0ffb2f62690310f4ada
SHA1

3d3e2e367fe9b358bbb91e5cbcbe90250c220648
SHA256

31300645371f90f83ca6aa058503fa7c2ba386f496ac181a6b287ba7ba1ea10e
SHA512

811ecc63317c2636729026d95489f6f15053c2e52020a2260a7d6896f06aad39135b0194ddfc2bdd526ecb9d497cf3af90ce1c60b28ee4f2d39f2d14f67a4b36
SSDEEP

24576:j1NDbbUMbRNjy8lZ2UFRTHD/mrM1e6sBiNhaYQBFq:vDbJbvjynUyCpx

Score

8^/10

discovery macro macro_on_action persistence privilege_escalation spyware stealer

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

31300645371f90f83ca6aa058503fa7c2ba386f496ac181a6b287ba7ba1ea10e.doc

Resource

win7-20240708-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

31300645371f90f83ca6aa058503fa7c2ba386f496ac181a6b287ba7ba1ea10e.doc

Resource

win10v2004-20240802-en

persistence privilege_escalation spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  31300645371f90f83ca6aa058503fa7c2ba386f496ac181a6b287ba7ba1ea10e
- Size
  
  1.9MB
- MD5
  
  1ee73b17111ab0ffb2f62690310f4ada
- SHA1
  
  3d3e2e367fe9b358bbb91e5cbcbe90250c220648
- SHA256
  
  31300645371f90f83ca6aa058503fa7c2ba386f496ac181a6b287ba7ba1ea10e
- SHA512
  
  811ecc63317c2636729026d95489f6f15053c2e52020a2260a7d6896f06aad39135b0194ddfc2bdd526ecb9d497cf3af90ce1c60b28ee4f2d39f2d14f67a4b36
- SSDEEP
  
  24576:j1NDbbUMbRNjy8lZ2UFRTHD/mrM1e6sBiNhaYQBFq:vDbJbvjynUyCpx
Score

7^/10

discovery persistence privilege_escalation spyware stealer
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

persistenceprivilege_escalationspywarestealer

© 2018-2025

Terms | Privacy