Extracted

• • Target

    fd9fe0ade0e4a0288bc1274ad9ebd5b080c82e6b221e243cd2810d94368e097b.doc

  • Size

    126KB

  • MD5

    b9dde198d2ca4cb42b39ed65c78a7432

  • SHA1

    3b9266bf5d632b03d4d68de30dc3c42454b9422d

  • SHA256

    fd9fe0ade0e4a0288bc1274ad9ebd5b080c82e6b221e243cd2810d94368e097b

  • SHA512

    c6b17cf410e949a75115c613d82bc0e999e0d26e892545ab30287e84ddc20bd1091754f4e1c0fa4fe12684398f7472cd16fca376e25c37520981f4b27a202bf2

  • SSDEEP

    768:bRKuqG2R5aSdM4hsSjtvSHg8NRQKb0oAY/oqkuFg9:b02B4nqMvf6RQKxAqH9F4

  Score

  10^/10

  defense_evasiondiscoveryexecution

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Evasion via Device Credential Deployment

    defense_evasionexecution

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  behavioral1behavioral2