ce76f02cf57092e33b1daf8a41af4b3d2804a9579e801644318dca35af842d54 | Triage

Submit
Reports

Overview

overview

Static

static

1

SMTP-FGMet...78.xls

windows7-x64

8

SMTP-FGMet...78.xls

windows10-2004-x64

Sharing

General

Target

SMTP-FGMet32ptD1LBKpl9d-c5baf9b10bb63f546bf7d153f7d50c78.doc
Size

556KB
Sample

240903-hmpvha1fng
MD5

c5baf9b10bb63f546bf7d153f7d50c78
SHA1

1fb83f290da89601642efb47731f3ae5e6f204b5
SHA256

ce76f02cf57092e33b1daf8a41af4b3d2804a9579e801644318dca35af842d54
SHA512

19cdc68feb78e35e72ee01f83e69cc61855ae5521fb5265bb9249c3f7eff1722b09d720243d3c527bbda02c5390086aeffc0b5485cded0356c037bd9dd23a211
SSDEEP

12288:5+xWSu1Cq113pE2DvTlEZ4E0/Pygf2eSoPvIHBUTtp:5UW1Cqz3/K4E0/qYSoPvISv

Score

10^/10

defense_evasion discovery execution

Static task

static1

Behavioral task

behavioral1

Sample

SMTP-FGMet32ptD1LBKpl9d-c5baf9b10bb63f546bf7d153f7d50c78.xls

Resource

win7-20240903-en

defense_evasion discovery execution

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

SMTP-FGMet32ptD1LBKpl9d-c5baf9b10bb63f546bf7d153f7d50c78.xls

Resource

win10v2004-20240802-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  SMTP-FGMet32ptD1LBKpl9d-c5baf9b10bb63f546bf7d153f7d50c78.doc
- Size
  
  556KB
- MD5
  
  c5baf9b10bb63f546bf7d153f7d50c78
- SHA1
  
  1fb83f290da89601642efb47731f3ae5e6f204b5
- SHA256
  
  ce76f02cf57092e33b1daf8a41af4b3d2804a9579e801644318dca35af842d54
- SHA512
  
  19cdc68feb78e35e72ee01f83e69cc61855ae5521fb5265bb9249c3f7eff1722b09d720243d3c527bbda02c5390086aeffc0b5485cded0356c037bd9dd23a211
- SSDEEP
  
  12288:5+xWSu1Cq113pE2DvTlEZ4E0/Pygf2eSoPvIHBUTtp:5UW1Cqz3/K4E0/qYSoPvISv
Score

10^/10

defense_evasion discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Evasion via Device Credential Deployment
  defense_evasion execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecution

behavioral2

© 2018-2025

Terms | Privacy