General

  • Target

    ORDER Password 016.xlsb

  • Size

    22KB

  • Sample

    210722-gv96xfnr56

  • MD5

    467cd2162bedb716002e3c092eee5dd9

  • SHA1

    75c1029048796673ac7c2eb594e6470f6efce826

  • SHA256

    0a4bc12bdcd24aabd6cb2711654e17a513f442fec08026387f953d6b1baa3768

  • SHA512

    9ae0086d185e4b3075e008b92b3cecab4ab85d49429796235cbb1cb2584380a8b122746e028a79d846ddbfb76a2778fbdc8bb47d36827c3a53cc126338ef074d

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry: T1112 (1)

  • Discovery

    Query Registry: T1012 (2)

    System Information Discovery: T1082 (2)
