General

  • Target

    instruct_11.21.doc.vir

  • Size

    34KB

  • Sample

    211112-yqd56sebd4

  • MD5

    a9490d94cf547e27dcc0d52dc72e74e7

  • SHA1

    a00e440eb13f84c8b8faba5b81a7d85fce2a4074

  • SHA256

    ee103f8d64cd8fa884ff6a041db2f7aa403c502f54e26337c606044c2f205394

  • SHA512

    43dddc14679f16735c6f74c1b3d40b0be23bf995e9dd9a49ab9cd780cac6314a15ce73ab3943cf3346bbc77be2b2355ac6a8723c56d1ebe6872c9697f5048bc4

Score
10/10

Malware Config

Targets

    • Target

      instruct_11.21.doc.vir

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks