General
-
Target
OMSMarineServices_order.xlsx
-
Size
466KB
-
Sample
210413-2edvnjre9n
-
MD5
24bd4a3d25c469bb138fb16e587dbf02
-
SHA1
563d37fde327ea4fb70fa3959079f72161711722
-
SHA256
6f8debb6acde9b5b878188327ea348102cc125e8f72245f79fb39967821a91fa
-
SHA512
cb05bdf0fb51ef2fe2a7f93f2c32f3a8ebe3c720642052c2cdc1eda9ba3c5bcd555187d890df5f41d83229d0081a874c1ae6c1e2252a30880dd1450cf1bbd883
Static task
static1
Behavioral task
behavioral1
Sample
OMSMarineServices_order.xlsx
Resource
win7v20210410
Behavioral task
behavioral2
Sample
OMSMarineServices_order.xlsx
Resource
win10v20210408
Malware Config
Targets
-
-
Target
OMSMarineServices_order.xlsx
-
Size
466KB
-
MD5
24bd4a3d25c469bb138fb16e587dbf02
-
SHA1
563d37fde327ea4fb70fa3959079f72161711722
-
SHA256
6f8debb6acde9b5b878188327ea348102cc125e8f72245f79fb39967821a91fa
-
SHA512
cb05bdf0fb51ef2fe2a7f93f2c32f3a8ebe3c720642052c2cdc1eda9ba3c5bcd555187d890df5f41d83229d0081a874c1ae6c1e2252a30880dd1450cf1bbd883
Score8/10-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation