Overview

overview

10

Static

static

8

1208_37832604.doc

windows7-x64

10

1208_37832604.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e73d30be4e447f7681e1f5f600cf80c66726ce97f1359c12fcabb6013e5a16e0.zip

  • Size

    387KB

  • Sample

    250327-shrteawlw8

  • MD5

    cc7e2db4412f0012acfc497cdf04e944

  • SHA1

    81c11089013cfd75bfc33e4e755adf9b60335421

  • SHA256

    e73d30be4e447f7681e1f5f600cf80c66726ce97f1359c12fcabb6013e5a16e0

  • SHA512

    7b732b1b85766a66a1feab971325b5e17c5416c4d4c364f7842713b246613067410d4f967febe68d17b578f36c7c8648ff5b5d1c77341ad8416dbf54a0931cd4

  • SSDEEP

    6144:5s/s98rUmTQ/cDRTpCJEx8SuyxyRWS+B4UtbfDYFcT5EeHupfN8e90rmVlZd6:j1/cFp2ECrqtbScT51upOe90aXZd6

Score
10/10
discoverymacromacro_on_action

Malware Config

Targets

    • Target

      1208_37832604.doc

    • Size

      543KB

    • MD5

      14450c99698f1725a1933879d104c404

    • SHA1

      5fa27c4c455d168bf0efced37869b8f840d3dc4d

    • SHA256

      2fbff281b9d4d240ef5a800c08cf26d4d4944e73227860a7c4afeb3b11615238

    • SHA512

      b9b4d4b565a0a48978e88b4bd947ae35ec9172bddae2dfcb5e432ce17a4b4c353b4a2de177b317fdf51ef418c2f24b3a2b5a746390cac3b5e845383584ddbd3f

    • SSDEEP

      12288:auE0gXPByytkPiieVC2P3Bd1pJhw5EHkf13VbIkqC0J:au3gXPQ2kiie/3BJwskt3VbnqC

    Score
    10/10
    discovery

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks