100636e87d7ac9e5f4b98ad3028b942e04956284f3fb57d7573c6af6c8316d79 | Triage

Submit
Reports

Overview

overview

Static

static

remittance...e.docx

windows7_x64

8

remittance...e.docx

windows10_x64

1

Sharing

General

Target

remittance advice.docx
Size

10KB
Sample

210429-9dwdnwec42
MD5

2af49a1a11b912f47a1f5c48ba164ed1
SHA1

ad0466cc2e11093139e94cf2ecd1ba0b0443eb30
SHA256

100636e87d7ac9e5f4b98ad3028b942e04956284f3fb57d7573c6af6c8316d79
SHA512

d62be458783eb5ae3fd555206d538f0005f56771c98ebf98582a5fea62e6819a8cf593906d552f2eb4399f7b186ac571d940ead5c0f80b8b8757f4346a2fe5e5

Score

10^/10

websettings

Static task

static1

Behavioral task

behavioral1

Sample

remittance advice.docx

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

remittance advice.docx

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Rule

Microsoft Office WebSettings Relationship

C2

https://is.gd/RwhzMw

Targets

- Target
  
  remittance advice.docx
- Size
  
  10KB
- MD5
  
  2af49a1a11b912f47a1f5c48ba164ed1
- SHA1
  
  ad0466cc2e11093139e94cf2ecd1ba0b0443eb30
- SHA256
  
  100636e87d7ac9e5f4b98ad3028b942e04956284f3fb57d7573c6af6c8316d79
- SHA512
  
  d62be458783eb5ae3fd555206d538f0005f56771c98ebf98582a5fea62e6819a8cf593906d552f2eb4399f7b186ac571d940ead5c0f80b8b8757f4346a2fe5e5
Score

8^/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy