6f8debb6acde9b5b878188327ea348102cc125e8f72245f79fb39967821a91fa | Triage

Submit
Reports

Overview

overview

8

Static

static

OMSMarineS...r.xlsx

windows7_x64

8

OMSMarineS...r.xlsx

windows10_x64

1

Sharing

General

Target

OMSMarineServices_order.xlsx
Size

466KB
Sample

210413-2edvnjre9n
MD5

24bd4a3d25c469bb138fb16e587dbf02
SHA1

563d37fde327ea4fb70fa3959079f72161711722
SHA256

6f8debb6acde9b5b878188327ea348102cc125e8f72245f79fb39967821a91fa
SHA512

cb05bdf0fb51ef2fe2a7f93f2c32f3a8ebe3c720642052c2cdc1eda9ba3c5bcd555187d890df5f41d83229d0081a874c1ae6c1e2252a30880dd1450cf1bbd883

Score

8^/10

Static task

static1

Behavioral task

behavioral1

Sample

OMSMarineServices_order.xlsx

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

OMSMarineServices_order.xlsx

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  OMSMarineServices_order.xlsx
- Size
  
  466KB
- MD5
  
  24bd4a3d25c469bb138fb16e587dbf02
- SHA1
  
  563d37fde327ea4fb70fa3959079f72161711722
- SHA256
  
  6f8debb6acde9b5b878188327ea348102cc125e8f72245f79fb39967821a91fa
- SHA512
  
  cb05bdf0fb51ef2fe2a7f93f2c32f3a8ebe3c720642052c2cdc1eda9ba3c5bcd555187d890df5f41d83229d0081a874c1ae6c1e2252a30880dd1450cf1bbd883
Score

8^/10
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy