Overview

overview

10

Static

static

10

docs.docx

windows7_x64

7

docs.docx

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    docs.docx

  • Size

    10KB

  • Sample

    210524-rzhc9y8k5x

  • MD5

    8754081a3f19a192c0924f2384260d9f

  • SHA1

    83ffd5e6b09abfedc61813ccd812ef7916f3262a

  • SHA256

    5392f59cac6f4b6c7d0379306818a1cad6ff12dc940a5ecb4fac36a2e0dd7877

  • SHA512

    a8afd902fe3c3e89f1910edbc2fbedf81e1707e4195cef8327ca64a504a0c73bfd7c5ace78f53ee27c4370b7887fa20ad7ac02a8b9312b607fc177647b9046ce

Score
10/10
websettings

Malware Config

Extracted

Rule
Microsoft Office WebSettings Relationship
C2

https://waselp.com.sa/wp-includes/widgets/w/s.wbk

Targets

    • Target

      docs.docx

    • Size

      10KB

    • MD5

      8754081a3f19a192c0924f2384260d9f

    • SHA1

      83ffd5e6b09abfedc61813ccd812ef7916f3262a

    • SHA256

      5392f59cac6f4b6c7d0379306818a1cad6ff12dc940a5ecb4fac36a2e0dd7877

    • SHA512

      a8afd902fe3c3e89f1910edbc2fbedf81e1707e4195cef8327ca64a504a0c73bfd7c5ace78f53ee27c4370b7887fa20ad7ac02a8b9312b607fc177647b9046ce

    Score
    7/10

    • Abuses OpenXML format to download file from external location

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks