f65d63d34801ef0fdbd2b204a27cfaacca7e36dd9373553e2d6d901d493354d2 | Triage

Submit
Reports

Overview

overview

Static

static

Booking Co...n.docx

windows7_x64

8

Booking Co...n.docx

windows10_x64

1

Sharing

General

Target

Booking Confirmation.docx
Size

10KB
Sample

210608-bzg445zr8s
MD5

719d1eb8a4794b7e58802a43a1241e9c
SHA1

944fd5deccb84a8a810958ce45a105beaaf11b1f
SHA256

f65d63d34801ef0fdbd2b204a27cfaacca7e36dd9373553e2d6d901d493354d2
SHA512

95f2cde4dcda16134b04ed6489c026205a972b0f3060146c016223b0bb914f76ab62d89197d05ba1b8a06a284bfd0dd18da76b9b45e7b2cc91378601438032ef

Score

10^/10

websettings

Static task

static1

Behavioral task

behavioral1

Sample

Booking Confirmation.docx

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Booking Confirmation.docx

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Rule

Microsoft Office WebSettings Relationship

C2

http://bit.do/fQZmn

Targets

- Target
  
  Booking Confirmation.docx
- Size
  
  10KB
- MD5
  
  719d1eb8a4794b7e58802a43a1241e9c
- SHA1
  
  944fd5deccb84a8a810958ce45a105beaaf11b1f
- SHA256
  
  f65d63d34801ef0fdbd2b204a27cfaacca7e36dd9373553e2d6d901d493354d2
- SHA512
  
  95f2cde4dcda16134b04ed6489c026205a972b0f3060146c016223b0bb914f76ab62d89197d05ba1b8a06a284bfd0dd18da76b9b45e7b2cc91378601438032ef
Score

8^/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy