Exploit for CVE-2015-1641

Jun 20, 2023 · attack.defense_evasion attack.t1036.005 cve.2015.1641 detection.emerging_threats ·

Detects Winword starting uncommon sub process MicroScMgmt.exe as used in exploits for CVE-2015-1641

Sigma rule (View on GitHub)

 1title: Exploit for CVE-2015-1641
 2id: 7993792c-5ce2-4475-a3db-a3a5539827ef
 3status: stable
 4description: Detects Winword starting uncommon sub process MicroScMgmt.exe as used in exploits for CVE-2015-1641
 5references:
 6    - https://www.virustotal.com/en/file/5567408950b744c4e846ba8ae726883cb15268a539f3bb21758a466e47021ae8/analysis/
 7    - https://www.hybrid-analysis.com/sample/5567408950b744c4e846ba8ae726883cb15268a539f3bb21758a466e47021ae8?environmentId=100
 8author: Florian Roth (Nextron Systems)
 9date: 2018/02/22
10modified: 2021/11/27
11tags:
12    - attack.defense_evasion
13    - attack.t1036.005
14    - cve.2015.1641
15    - detection.emerging_threats
16logsource:
17    category: process_creation
18    product: windows
19detection:
20    selection:
21        ParentImage|endswith: '\WINWORD.EXE'
22        Image|endswith: '\MicroScMgmt.exe'
23    condition: selection
24falsepositives:
25    - Unknown
26level: critical

References

VirusTotal

VirusTotal

Read More
Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for '3337937-107-0_1.Free_Hosting.doc'

Submit malware for free analysis with Falcon Sandbox and Hybrid Analysis technology. Hybrid Analysis develops and licenses analysis tools to fight malware.

Read More

Exploit for CVE-2015-1641

Sigma rule (View on GitHub)

References

VirusTotal

Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for '3337937-107-0_1.Free_Hosting.doc'

Related rules