0ac1a7ed74f413e6d39a5235038f3c2dea7956f455f37aac5e2a5770cf364690 | Triage

Sharing

General

Target

Order_385647584.xlsx
Size

1.5MB
Sample

210113-pb8en7v7qa
MD5

d040c427703e2a2183f67742c2a5af54
SHA1

e88e65daa49e1dac16bd0b727943758c47057284
SHA256

0ac1a7ed74f413e6d39a5235038f3c2dea7956f455f37aac5e2a5770cf364690
SHA512

62432ed70b468c3044a635fd10e62bd2925e2967c487a7c3d067fcca065cffc43d7770ffe5b652740b7ee244f440e8934ee5f93b07cd263dc8150adce0b55b4f

Score

8^/10

Malware Config

Targets

- Target
  
  Order_385647584.xlsx
- Size
  
  1.5MB
- MD5
  
  d040c427703e2a2183f67742c2a5af54
- SHA1
  
  e88e65daa49e1dac16bd0b727943758c47057284
- SHA256
  
  0ac1a7ed74f413e6d39a5235038f3c2dea7956f455f37aac5e2a5770cf364690
- SHA512
  
  62432ed70b468c3044a635fd10e62bd2925e2967c487a7c3d067fcca065cffc43d7770ffe5b652740b7ee244f440e8934ee5f93b07cd263dc8150adce0b55b4f
Score

8^/10
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2