General

  • Target

    0cf1e59bae9dba7fbbf6ee6a36ca6bdb8fa0ac002b8cf824bd0888789a981c57.doc

  • Size

    1.5MB

  • Sample

    240904-syd79ashpp

  • MD5

    4105549d9f60955620bdf657ecb7b172

  • SHA1

    4f7e22349c3e9375990752f384d8111e9f9857dc

  • SHA256

    0cf1e59bae9dba7fbbf6ee6a36ca6bdb8fa0ac002b8cf824bd0888789a981c57

  • SHA512

    d8fbf69dbd5d4494e74c9f216a37f8a4d9edc476232a445ee501ef9cb23f2bc1c0b05ee6a43f48ac811c0613d6b4be0b0935b930dbb6e0c42995b4a19974139f

  • SSDEEP

    12288:zHUjbj98601ZD9ah7etv8YWWpeRnkeifX0Kgbo3Zrm9icmUQ2L:zUj501ZD93nMkXnyRmUV

Malware Config

Targets

    • Office macro that triggers on suspicious action

      Office document macro which triggers in special circumstances - often malicious.

    • Drops startup file

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Enterprise v15

Tasks