f5c3bea5b81c221bc8737bd8489154745c8d6644d7d19484218151f9a1c1f656 | Triage

Submit
Reports

Overview

overview

8

Static

static

DHL-Address.xlsx

windows7_x64

8

DHL-Address.xlsx

windows10_x64

1

Sharing

General

Target

DHL-Address.xlsx
Size

586KB
Sample

210113-gbp8c1enae
MD5

5de2e8bdb620804fd22d76f1e9fedf6e
SHA1

942ce29cd8138a1594ee416debf753d8eaa71528
SHA256

f5c3bea5b81c221bc8737bd8489154745c8d6644d7d19484218151f9a1c1f656
SHA512

f24f1d93e61dffe4c48995e0a1ef039b7346cbd9f94a65dffac4d360b5f7419306bcffd57f403a7a6764dd38d7ec9b59e1d0462703f834edc368c38bda939e53

Score

8^/10

Static task

static1

Behavioral task

behavioral1

Sample

DHL-Address.xlsx

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DHL-Address.xlsx

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  DHL-Address.xlsx
- Size
  
  586KB
- MD5
  
  5de2e8bdb620804fd22d76f1e9fedf6e
- SHA1
  
  942ce29cd8138a1594ee416debf753d8eaa71528
- SHA256
  
  f5c3bea5b81c221bc8737bd8489154745c8d6644d7d19484218151f9a1c1f656
- SHA512
  
  f24f1d93e61dffe4c48995e0a1ef039b7346cbd9f94a65dffac4d360b5f7419306bcffd57f403a7a6764dd38d7ec9b59e1d0462703f834edc368c38bda939e53
Score

8^/10
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy