General

  • Target

    newthingsareintheonethewaytogetthebackbuttersochbuttersweetnesswithentireoprocessaneedgoodthingstogetme____verynicebuttersmooth (1).doc

  • Size

    88KB

  • Sample

    240827-lh2kaawbkm

  • MD5

    02d3b93c00b013f2eb2754e469cb23e2

  • SHA1

    f5851bc2be976e9e68269b46a90deaa0ca8e6c11

  • SHA256

    d55b76f0fe17bfad915babdae492f466987ee515f21150b6666fa276aa95774d

  • SHA512

    7279328ec46219ac9eec1bc4c881fbaa86ed79eb813bac293d7760a8b83b2859c4f7d22e071f3734a16aad19416fed13c107fce8faf5a3bc844fe75bce373b69

  • SSDEEP

    768:FCfB5RIvn0YGd7/qvYzI84zl2xvIzEJSeT/BZWd:FCxIi7/jzI84zlcvIwJSMMd

Malware Config

Targets

    • Target

      newthingsareintheonethewaytogetthebackbuttersochbuttersweetnesswithentireoprocessaneedgoodthingstogetme____verynicebuttersmooth (1).doc

    • Size

      88KB

    • MD5

      02d3b93c00b013f2eb2754e469cb23e2

    • SHA1

      f5851bc2be976e9e68269b46a90deaa0ca8e6c11

    • SHA256

      d55b76f0fe17bfad915babdae492f466987ee515f21150b6666fa276aa95774d

    • SHA512

      7279328ec46219ac9eec1bc4c881fbaa86ed79eb813bac293d7760a8b83b2859c4f7d22e071f3734a16aad19416fed13c107fce8faf5a3bc844fe75bce373b69

    • SSDEEP

      768:FCfB5RIvn0YGd7/qvYzI84zl2xvIzEJSeT/BZWd:FCxIi7/jzI84zlcvIwJSMMd

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
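
The first and fourth behaviours flagged above (an Office process spawning an unexpected child, then a dropped EXE being executed from a user-writable directory) are the kind of process-tree pattern a detection engineer turns into a rule. The Python below is an added example and is not part of this report or of the sandbox's own signature logic; it runs both checks over constructed process-creation records in a made-up `pid|ppid|image|cmdline` format. The allowlist of expected Office children, the user-writable path prefixes and every process name in the sample telemetry are assumptions, not data taken from this sample.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Office hosts whose child processes deserve scrutiny.
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Children Office legitimately spawns (printing, crash reporting). Anything
# else counts as "unexpected". Assumption: tune this allowlist per estate.
EXPECTED_OFFICE_CHILDREN = {"splwow64.exe", "werfault.exe", "dw20.exe"}
# Locations a dropped payload is typically written to and then executed from.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation event (Sysmon Event ID 1 style fields)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_events(lines: Iterable[str]) -> List[ProcEvent]:
    """Parse 'pid|ppid|image|cmdline' records (a constructed format for this example)."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, ppid, image, cmdline = line.split("|", 3)
        events.append(ProcEvent(int(pid), int(ppid), image, cmdline))
    return events


def ancestors(ev: ProcEvent, by_pid: Dict[int, ProcEvent]) -> List[ProcEvent]:
    """Walk parent pointers upward; the seen-set guards against PID reuse loops."""
    chain, seen, cur = [], {ev.pid}, by_pid.get(ev.ppid)
    while cur is not None and cur.pid not in seen:
        chain.append(cur)
        seen.add(cur.pid)
        cur = by_pid.get(cur.ppid)
    return chain


def unexpected_office_children(events: List[ProcEvent]) -> List[ProcEvent]:
    """'Process spawned unexpected child process': Office parent, child not allowlisted."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if (parent is not None
                and basename(parent.image) in OFFICE_IMAGES
                and basename(e.image) not in EXPECTED_OFFICE_CHILDREN):
            hits.append(e)
    return hits


def dropped_exe_under_office(events: List[ProcEvent]) -> List[ProcEvent]:
    """'Executes dropped EXE': image in a user-writable path with an Office ancestor.

    Walking the whole ancestry (not just the direct parent) catches later stages
    launched by the first dropper, which the direct-child check above misses.
    """
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if not e.image.lower().startswith(USER_WRITABLE_PREFIXES):
            continue
        if any(basename(a.image) in OFFICE_IMAGES for a in ancestors(e, by_pid)):
            hits.append(e)
    return hits


# Constructed sample telemetry for this example; NOT data from the report above.
SAMPLE_LOG = """
# pid|ppid|image|cmdline
900|1|C:\\Windows\\explorer.exe|explorer.exe
4100|900|C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|WINWORD.EXE /n C:\\Users\\victim\\Downloads\\invoice.doc
4120|4100|C:\\Windows\\splwow64.exe|splwow64.exe 12288
4180|4100|C:\\Users\\victim\\AppData\\Local\\Temp\\setup.exe|setup.exe
4200|4180|C:\\Users\\victim\\AppData\\Roaming\\stage2.exe|stage2.exe /silent
5000|900|C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe|chrome.exe
"""


def analyse(lines: Iterable[str]) -> Dict[str, List[int]]:
    """Return the PIDs each check flags, keyed by the report's signature wording."""
    events = parse_events(lines)
    return {
        "Process spawned unexpected child process":
            [e.pid for e in unexpected_office_children(events)],
        "Executes dropped EXE":
            [e.pid for e in dropped_exe_under_office(events)],
    }


if __name__ == "__main__":
    for name, pids in analyse(SAMPLE_LOG.splitlines()).items():
        print(f"{name}: {pids}")
```

In the constructed sample, the allowlisted splwow64.exe child is ignored, the dropper in %TEMP% is caught by both checks, and the second stage it launches from AppData\Roaming is caught only by the ancestry walk. Against real Sysmon or EDR data, replace `parse_events` with your own field mapping and keep the two checks as they are.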

MITRE ATT&CK Enterprise v15

Tasks