General

  • Target

    legal agreement_07.30.2020.doc

  • Size

    103KB

  • Sample

    200731-pq3y9as5ds

  • MD5

    b3b0dffa00f1a93dd4f4069d87f43dd3

  • SHA1

    756fe15d649645f5d9c3ef60dcd6d6ba5384633e

  • SHA256

    e67aa7a4192ca035c6c52a6afaf1b03058b9baa6fde616db3dad9d8d3d4c24cc

  • SHA512

    fe57b509a42cf017bc17d7b84d69ffb9c8de4e7240ef4056caf4e91fda39fee16b0019a4c6fba521f7278d99d857b9ef1374329177a70cc5b6ccc1bf44fd0202

Score
10/10

Targets

    • Target

      legal agreement_07.30.2020.doc

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Obfuscated cmd.exe command line

      An obfuscated cmd.exe command-line is typically used to evade detection.
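Detection logic matching three of the signatures above (Office parent spawning an unexpected child, an obfuscated cmd.exe command line, and an executable run from a drop location), written as an added example for this page; it is not code from the sandbox and was not run against this sample. It walks constructed Sysmon Event ID 1-style process-creation records; the Office parent list, the child and drop-directory lists, the obfuscation indicators and the score threshold of 2 are assumptions, not anything the report states.

```python
import re
from typing import Dict, List

# Assumed: parents whose children are normally limited to well-known helpers.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Assumed: interpreters and LOLBins a document should never need to launch.
UNEXPECTED_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
    "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}

# Assumed: user-writable locations a dropped payload is written to and run from.
DROP_DIRS = (
    "\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
    "\\programdata\\", "\\users\\public\\",
)

# cmd.exe obfuscation markers: caret escaping (s^e^t), %VAR:~n,m% substring
# expansion, and a variable defined and dereferenced on the same line.
CARET_RE = re.compile(r"\^")
SUBSTRING_RE = re.compile(r"%[A-Za-z_]\w*:~-?\d+(?:,-?\d+)?%")
SET_THEN_USE_RE = re.compile(r"\bset\s+(\w+)=.*%\1%", re.IGNORECASE | re.DOTALL)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def cmd_obfuscation_score(cmdline: str) -> int:
    """Number of independent obfuscation indicators present in a cmd.exe line."""
    score = 0
    if len(CARET_RE.findall(cmdline)) >= 3:
        score += 1
    if SUBSTRING_RE.search(cmdline):
        score += 1
    if SET_THEN_USE_RE.search(cmdline):
        score += 1
    return score


def analyse(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return one alert per signature hit; a single event can raise several."""
    alerts = []
    for ev in events:
        parent, child = basename(ev["ParentImage"]), basename(ev["Image"])
        image = ev["Image"].lower()
        if parent in OFFICE_PARENTS and child in UNEXPECTED_CHILDREN:
            alerts.append({"pid": ev["ProcessId"], "sig": "unexpected_child",
                           "detail": f"{parent} -> {child}"})
        if child == "cmd.exe" and cmd_obfuscation_score(ev["CommandLine"]) >= 2:
            alerts.append({"pid": ev["ProcessId"], "sig": "obfuscated_cmdline",
                           "detail": ev["CommandLine"]})
        if image.endswith(".exe") and any(d in image for d in DROP_DIRS):
            alerts.append({"pid": ev["ProcessId"], "sig": "dropped_exe",
                           "detail": ev["Image"]})
    return alerts


# Constructed records using Sysmon Event ID 1 field names; they are not taken
# from the sandbox run documented on this page.
SAMPLE_EVENTS = [
    {"ProcessId": "4120",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "s^e^t a=powershell -w hidden&&c^a^l^l %a:~0,10% -nop -c iex(gc $env:TEMP\s.ps1)"'},
    {"ProcessId": "4188",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "CommandLine": r"C:\Users\alice\AppData\Local\Temp\update.exe /s"},
    {"ProcessId": "5012",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c dir C:\\"},
    {"ProcessId": "5044",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": "splwow64.exe 12288"},
]

if __name__ == "__main__":
    for a in analyse(SAMPLE_EVENTS):
        print(f"[{a['sig']}] pid={a['pid']} {a['detail']}")
```

The benign records (explorer.exe launching cmd.exe, WINWORD.EXE launching the splwow64.exe print helper) produce nothing, which is the point of keying on the parent/child pair rather than on cmd.exe alone. Requiring two independent obfuscation indicators keeps a single stray caret in a legitimate batch line from firing.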

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic      Technique                      Count  ID
Discovery   Query Registry                 3      T1012
Discovery   System Information Discovery   2      T1082
