648eb3dd8252073b53f16887084c5415f56e90877aee69d29393efe1382679b4

Sharing

Copy URL

Twitter E-mail

General

Target

eicar-standard-antivirus-test-files.zip
Size

500KB
Sample

241204-zfvwlsznhy
MD5

2c0639649b894a0845bc0601fa67b3c7
SHA1

dcb53d4fb45650fe1e49aada7178972065c4e1dc
SHA256

648eb3dd8252073b53f16887084c5415f56e90877aee69d29393efe1382679b4
SHA512

f50e5fafac06bd5ee3273e14e61722d4f8ba282776d78b89682a409c1cc4cf7c77b28dfc17b8095241a771873c9629f6079395689d83368c4fc9745f0c5bb251
SSDEEP

12288:s+LA9qkSthlow8qMlUIQ3EaVALm3zyo7Dui3d/FzNh5UT4QBaisl0mT:d5lp8qMlzQH6S35bu4P

Score

10^/10

Malware Config

Targets

- Target
  
  eicar-standard-antivirus-test-files/eicar-adobe-acrobat-attachment.pdf
- Size
  
  6KB
- MD5
  
  13486b57cc3ad49227174f86fd4df606
- SHA1
  
  6e42b5372e017f45e6afbeee02bd55dd856c3f21
- SHA256
  
  851d1e02b134b222d0e4012c2bbb61828f1219c66ec5ed9ca291c406cb83461f
- SHA512
  
  2e9e9d63c274b0eee827a45ada7c2e44675756cf4d4f38eba2b158781a84eb3908039444b24e0b3d7de4511d3042ea6b2c8421dbd60da1e66a8760e3de81c71e
- SSDEEP
  
  48:F678q1DRROQk+FQJeG88dDpPRujpk3YGv5v2BrlQqUC+kGInKxI1OVx6zTazBQMJ:Y7dDjNsJn8ob2Mv5eATkxneV/B9Ddh
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  eicar-standard-antivirus-test-files/eicar-adobe-acrobat-javascript-alert.pdf
- Size
  
  13KB
- MD5
  
  657c1ddb8eb73b9cef5c31bedcf0dbe5
- SHA1
  
  aa396fdf3a2c4a6f7ae8b018c6365ee5b6246ded
- SHA256
  
  948ee1d9e0df1dc678f420239fddce99e0268978e65502d0ec31615b0a57b29a
- SHA512
  
  f06adc26a452db92516c341d5f6dfbf18440df5af06b3cf733f9065d1f7e4a9cd9b863cf55de55c594e935b50030db01db5f069e78c77740f9b6c217236fb7ed
- SSDEEP
  
  96:3Oa3FxJS+D2AHYkLExQLVhjO2vMkLEwVScjnhhm70r1knn1RVWwKpCL:73zJ9h4k8Qfjkkzd0wpkaCL
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  eicar-standard-antivirus-test-files/eicar-com.com
- Size
  
  68B
- MD5
  
  44d88612fea8a8f36de82e1278abb02f
- SHA1
  
  3395856ce81f2b7382dee72602f798b642f14140
- SHA256
  
  275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
- SHA512
  
  cc805d5fab1fd71a4ab352a9c533e65fb2d5b885518f4e565e68847223b8e6b85cb48f3afad842726d99239c9e36505c64b0dc9a061d9e507d833277ada336ab
Score

1^/10
behavioral5 behavioral6
- Target
  
  eicar-standard-antivirus-test-files/eicar-excel-dde-cmd-powershell-echo.xls
- Size
  
  25KB
- MD5
  
  5a723cb5f77ca9034b628d0269049d13
- SHA1
  
  afd364f0df87ae40607ad909c166390456094722
- SHA256
  
  a5199c09459358a485bddb85488a65b74f09fbc409d8affe022ae45470898fde
- SHA512
  
  cd4f71c8f38603ee9b0f0f07a325560740de2d6cc828071ef66e2b96f81e945ab8ebcea9cc3b70c4116b95f99a9c5091d8965334c3c6eb0d49ad01b48c64a8dd
- SSDEEP
  
  768:4sck3hOdsylKlgryzc4bNhZFGzE+cL2knAJlOiCyJRF:Qk3hOdsylKlgryzc4bNhZFGzE+cL2kn0
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral7 behavioral8
- Target
  
  eicar-standard-antivirus-test-files/eicar-excel-dde-cmd-powershell-echo.xlsx
- Size
  
  8KB
- MD5
  
  401c0063f7a7e75b1c24fe84efc24969
- SHA1
  
  d77499abb26b7f38e22e15c8ea1ff94250bbb6d6
- SHA256
  
  789d5b235a9958c3fa03eb046bd3e6be9fb3273fbc6aa37d98d4794b2b68e81d
- SHA512
  
  0f80f70c7adaea0618c8f4882d5f8692c35d886fa9b104716c9d604f5be4e77ab99ff2ac1ef9f93eaf2311f6e3846385e2bc00dbf787962b3439e46406ebe759
- SSDEEP
  
  96:XQAV7LMqwiE7/AVNM+qCDiKlCUANyxizTplWYu0MrHeoVoUyw0JMznuRhfD1xizj:nRopUK+1iZQxizT3W7+tpu+kzj
Score

10^/10

discovery execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral10 behavioral9
- Target
  
  eicar-standard-antivirus-test-files/eicar-excel-macro-cmd-echo.xls
- Size
  
  30KB
- MD5
  
  5fa1d1c2389d123ebb7c4c7312dfac73
- SHA1
  
  8c8ec8577da8e370297413cd65ee8f99578077bb
- SHA256
  
  e8f8f28cca8ff5e02b52d8131be2f63b59ac38f64fc4bf7640334765ad6a14ba
- SHA512
  
  2b54614c54eff346483952afb5f5dfc4afc0aa59c80bdbf49ddcab8d4d48b3190a45b885adea0daff23bb7fe24030add67a5d2f1277fc918442b61153302d4f7
- SSDEEP
  
  768:uik3hOdsylKlgryzc4bNhZFGzE+cL2knAJ6OiCkhaBwAo946B8R:Pk3hOdsylKlgryzc4bNhZFGzE+cL2knm
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral11 behavioral12
- Target
  
  eicar-standard-antivirus-test-files/eicar-excel-macro-cmd-echo.xlsm
- Size
  
  12KB
- MD5
  
  b68e4ac3052c859be74f8399e515d60b
- SHA1
  
  1426492d6f23c621c63d1dbacdf684800429337f
- SHA256
  
  652cd62572a10f768639f554cf21f39327a2aefc970d5d53dba05b89505a0c90
- SHA512
  
  c895b79e1646da45fad3de0f7909e063639a513aed195efcea78703ce140a223164582397017e5db482fa5b7b9217c0860c662523e190dc85327394866b5e205
- SSDEEP
  
  192:HeoDZz+4XuGPcrPjJqSXJa+TDgraQxizT3W7+p+1iTv1QXwXQ:HeozLmjJqEJaGQITMaTaAg
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
behavioral13 behavioral14
- Target
  
  eicar-standard-antivirus-test-files/eicar-excel-macro-msgbox.xls
- Size
  
  31KB
- MD5
  
  2d4632e8119f62e9e1e54cc7359701d9
- SHA1
  
  e8bb402cc5c3e1d685aad7178dbcea89567fcdf9
- SHA256
  
  ec8afa9b698db880eef4b96994d0c6b3c2a6c3ef2f14525c2fc0e0e76f9a3454
- SHA512
  
  4467fc6fa77f50737ef6bcad01237744cd6200fe3f974d5b6e66766dc691dfb448b2ca5435cdb7d8438fe24966e185d445799521d0e4c32b96ac5b6de64e7d18
- SSDEEP
  
  768:lik3hOdsylKlgryzc4bNhZFGzE+cL2knAJ6OiCklmiBy2t946Ps:Uk3hOdsylKlgryzc4bNhZFGzE+cL2knf
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  eicar-standard-antivirus-test-files/eicar-excel-macro-msgbox.xlsm
- Size
  
  11KB
- MD5
  
  c9ff045b0e82e9d1a45a0bf4d3fa838d
- SHA1
  
  3910119b4c228ccf36c999eec32179318305918c
- SHA256
  
  488c1c2643973ba8e2464584482da7644347945cebad9bbad85b7ca41f432b6c
- SHA512
  
  6841e86d74f94c2d2a93d84c96d4c7e2881588456e80ad69776246136a4962acc033c5870a90c384fb101bb86f623a0f2bc6e42a3e11c9ed2bd0d1d4a3c07b6d
- SSDEEP
  
  192:HeoDZfNVx+6RUoBX50nay/ZOjQ9fwEQxizT3W7+p+1iTvp98Z29:Heo1HcoB6nayxOyQITMaTR9j9
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  eicar-standard-antivirus-test-files/eicar-excel-macro-powershell-echo.xls
- Size
  
  27KB
- MD5
  
  790a006eaf286426a43fae988410209c
- SHA1
  
  4f373b591e259ef3a740d65d82d16b03cff09fc9
- SHA256
  
  772faea5b925aede03956c3e8a08b3fdad0f9db3653415cd3d89d017a2617f46
- SHA512
  
  b2bc4d46fdb13e362af45aefa6561d7089ed9444674ce02d9006e5199820ce1bd830ccee286264f4f7827a19e51243fffd520c91a1c763dd6ff494ca84f3ffee
- SSDEEP
  
  768:Kik3hOdsylKlgryzc4bNhZFGzE+cL2knAJ6OiCk4BsUK:bk3hOdsylKlgryzc4bNhZFGzE+cL2knm
Score

10^/10

defense_evasion discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
behavioral19 behavioral20
- Target
  
  eicar-standard-antivirus-test-files/eicar-excel-macro-powershell-echo.xlsm
- Size
  
  11KB
- MD5
  
  9bfbd61f017780a547de363a670c2fa0
- SHA1
  
  98c2d4049f283d2a78e10f685fc8849ede58b2eb
- SHA256
  
  75a444008d2ec38b2de7dc35e5da389c266c5fb689b6f3dc639a869a1c3f0a5b
- SHA512
  
  824766f425b90fb9191e12011e4d407ee50d1d5a0daab7c92ed8c63b0b85aae8ad1bf3c6ab3238b4a4a1991d856f2453eb1ebe38f85413f0851afedf6760f941
- SSDEEP
  
  192:HeoDZW59dm88DfieY63G4lV8f2UVw0QxizT3W7+p+1iTvflLIn:HeoavpAiXkz8f2UVvQITMaTu
Score

10^/10

defense_evasion discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
behavioral21 behavioral22
- Target
  
  eicar-standard-antivirus-test-files/eicar-excel-macro-write-file.xls
- Size
  
  31KB
- MD5
  
  d8671538a60e6aba3eede8cf428edcad
- SHA1
  
  44b6261d9d2c57335765f06c939b9700ab6d89bb
- SHA256
  
  512d01f64456a25b96770af87d52a499bafb1b28a125a2a489f931b4217f3381
- SHA512
  
  e466df9019c89591839229e7711ec4a59359258edcb8d481371f21a19e0b0298ee5ad1ec27a06a5759d48dbe9db836ee36c8da9e52974fc07b482440d8862d84
- SSDEEP
  
  768:1ck3hOdsylKlgryzc4bNhZFGzE+cL2knAJGOiC3RrgGB0amDJaP:ak3hOdsylKlgryzc4bNhZFGzE+cL2knU
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  eicar-standard-antivirus-test-files/eicar-excel-macro-write-file.xlsm
- Size
  
  12KB
- MD5
  
  d21689488fe07e0808c0c50e285951df
- SHA1
  
  73c71b9e3f38b29e2fcd6d0f18ae8495ce99c8e7
- SHA256
  
  fb2881f4aca4701037163c2c93b1491eb2373d4f6f7a2bb7353ba5205d9a90df
- SHA512
  
  08abfae5217350cd3f47b9b3418772ee0236fd152be96b85fe1f66136464edf396716e4f791b90111968346ad5f4b3297baf5c7dcddbe7d5d20add4f2e6b4cd9
- SSDEEP
  
  192:NhcDZ/QxizT3W7+p+1iaNxshXBOTlTX0C7bmZZQW05L7Ur3W7:Nu/QITMaaNxsvOlkCoy5Urm7
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  eicar-standard-antivirus-test-files/eicar-powerpoint-action-macro-msgbox.ppt
- Size
  
  87KB
- MD5
  
  93ba7b5bf24bab324dfba77262eb9496
- SHA1
  
  44a10eb734139296bfef1e9ab3f53eea48865cf1
- SHA256
  
  30090f902cead484616d3a8041f0e18242b22566aeea28160865bfe2227f72f6
- SHA512
  
  7181ffbda656660f1d2cd9b60aa576f8b9db8812ae64f5f16da88a9ca641f89757c71c9129fbeffcba017932cccf1f0b64e343db95c09e563d80b563b5d22d1a
- SSDEEP
  
  768:QUXidfgVus0KfClxvwK/MkYn8JB+lm/cpxXV:QAkf4SvwK0kO8JB+s/c
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  eicar-standard-antivirus-test-files/eicar-powerpoint-action-macro-msgbox.pptm
- Size
  
  31KB
- MD5
  
  72a4f5208fffbf6df1db5f3de168df08
- SHA1
  
  d983ff33101aa44b57da0ff0e410c8eef9d2b76d
- SHA256
  
  25e4642a087257cc6e1467e5e7536e0f90033425c60d47866c329607919226e6
- SHA512
  
  fac8e2c429e49a85596871ec64e8e935bef017c59fc664effc2105cbe4e5636ea993b3d1b4728309e3469221938d55b95b5a08036bfc575af38d9eb77267ad1e
- SSDEEP
  
  768:LlgVFy4S0JS00SneS0yS07jS0MS0bS02S03SPRDYmWlLv2Gt6j23IGC1unAiMB0m:h4q0JGEeAvhPY/
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  eicar-standard-antivirus-test-files/eicar-powerpoint-action-powershell-echo.ppt
- Size
  
  106KB
- MD5
  
  42b0beceda7a91544828096a7678f83a
- SHA1
  
  353c42707b2b28d35bc04020656c97bf7212a502
- SHA256
  
  8f7e4483fe87a500114399162317eda0e1b964c17842236b57a139b069458d17
- SHA512
  
  d2dc3a4c9335163d688b840905bd715c49528de1c8c089f465a828e1eacc8a4a4347e7e2aa6c3c91945ffd8c2f9ccfafca1da0986ee7869d3a2b988a714e1fa3
- SSDEEP
  
  768:0VMXidflJxysS2KfClxvwK/MkYn8J7zevReS4rix6gCIfDCfxvTIGZ8xwQ:0VokfDXbvwK0kO8JugWoUfkvb
Score

10^/10

defense_evasion discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Process spawned unexpected child process

Process spawned unexpected child process

Process spawned unexpected child process

Process spawned unexpected child process

Process spawned unexpected child process

Obfuscated Files or Information: Command Obfuscation

Process spawned unexpected child process

Obfuscated Files or Information: Command Obfuscation

Process spawned unexpected child process

Obfuscated Files or Information: Command Obfuscation

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32