Purchase-Order.xlsx

General

Target: Purchase-Order.xlsx
Size: 1MB
Sample: 210722-ajg9xp4v2e
Score: 8/10
MD5: 08bfe97addcfdc8ea68d56a80a16621a
SHA1: 2111b3ffb8b32bad9d341848bdab6688e280a222
SHA256: 594b6fc5ffe9608371a2853db4a54d89d5bef4294680bfd835fa05b20f575b17
SHA512: f17cc20e7884ef6b1d446feeb35f65129ec4cfd3a86208c7b639d9b3d1ac36d51b92c5aa9ed31d20f20ea61b895aa071ed8755752581620e110087f36171cd91

Signatures

  • Blocklisted process makes network request
  • Downloads MZ/PE file
  • Executes dropped EXE
  • Loads dropped DLL
  • Uses the VBS compiler for execution
      TTPs: Scripting
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1
  • behavioral1: 8/10
  • behavioral2: 1/10