General

  • Target

    Purchase-Order.xlsx

  • Size

    1.3MB

  • Sample

    210722-ajg9xp4v2e

  • MD5

    08bfe97addcfdc8ea68d56a80a16621a

  • SHA1

    2111b3ffb8b32bad9d341848bdab6688e280a222

  • SHA256

    594b6fc5ffe9608371a2853db4a54d89d5bef4294680bfd835fa05b20f575b17

  • SHA512

    f17cc20e7884ef6b1d446feeb35f65129ec4cfd3a86208c7b639d9b3d1ac36d51b92c5aa9ed31d20f20ea61b895aa071ed8755752581620e110087f36171cd91

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scripting (T1064): 1
    Exploitation for Client Execution (T1203): 1

  • Defense Evasion

    Scripting (T1064): 1
    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2

Tasks