General

  • Target

    Purchase 2.doc

  • Size

    589KB

  • Sample

    241010-lwpsmsyfkp

  • MD5

    75a0c6d8e022bbbaa51d10561d490a77

  • SHA1

    293b68a5ad6d18db921b1050fb05a65e475d1716

  • SHA256

    af619d68c383113a94b9be3ff42f0d6f377b654e757f1cbeeb98583ed1f1a61f

  • SHA512

    44ff4a7661f6e26d6f3b933134a3b60d7518f7f7b9b2ee9a692ccb8db37e71ee8c9be8e4e29e4f5126cf0175ed324daf6c09c42a602275f3ee434b165b611a30

  • SSDEEP

    3072:bwAlawAlGBqmsfGC5ZV4QbV103a1Ed/GN8hBkNIbwuB:bwAYwA6MGC5ZmUvEd+N/NIbwuB

Score
8/10

Targets

    • Target

      Purchase 2.doc

    Score
    8/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
