4ba4a67aaf60917264c4f64c43c22d0ed7d53074624299cf07b87d62851f80dd | Triage

Sharing

General

Target

protected_secret_fixed.docm
Size

161KB
Sample

240827-qb13dssard
MD5

1d0c026a0984cccfb9f07aedb04d0337
SHA1

f36c27957b250af1860fe999f410877a911d9524
SHA256

4ba4a67aaf60917264c4f64c43c22d0ed7d53074624299cf07b87d62851f80dd
SHA512

86d3100a63665eeef1b12d4b8289aa9da16717465774b99bf2eebea72717e01bd5589d03d352d4db615a9793a9c76a94c0f68463a97490fb68b102ade1748ac6
SSDEEP

3072:EW7lceF+nLrAu7yLzcHeDxFHVoF95nNZkEb6pATMvHs:5ltF+XAu2ntO9hNZxeSgvs

Score

10^/10

defense_evasion

Malware Config

Targets

- Target
  
  protected_secret_fixed.docm
- Size
  
  161KB
- MD5
  
  1d0c026a0984cccfb9f07aedb04d0337
- SHA1
  
  f36c27957b250af1860fe999f410877a911d9524
- SHA256
  
  4ba4a67aaf60917264c4f64c43c22d0ed7d53074624299cf07b87d62851f80dd
- SHA512
  
  86d3100a63665eeef1b12d4b8289aa9da16717465774b99bf2eebea72717e01bd5589d03d352d4db615a9793a9c76a94c0f68463a97490fb68b102ade1748ac6
- SSDEEP
  
  3072:EW7lceF+nLrAu7yLzcHeDxFHVoF95nNZkEb6pATMvHs:5ltF+XAu2ntO9hNZxeSgvs
Score

10^/10

defense_evasion
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Deobfuscate/Decode Files or Information
  Payload decoded via CertUtil.
  defense_evasion
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Deobfuscate/Decode Files or Information

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasion