General

  • Target

    dvswiftsend_202212390513_93310737712.xls

  • Size

    746KB

  • Sample

    221123-kls7mscf61

  • MD5

    213d6cdb4ba6626de9d1d4c8a022d9b2

  • SHA1

    ac1c8161acb070af77a01c99a3ee3a078a4fb40c

  • SHA256

    c8743fb6efa43940673e342940a34d36a2d1eef3262a569b0f651283fe141b7b

  • SHA512

    a8cdba85dd0d8d203acd67ac610164a62c7085e3865899c017905843064fc72d8307765cbe726b4eba6e0e5398eecdfaf87cbea24b336965663f0d387735e395

  • SSDEEP

    12288:YdNqrDx7XXXXXXXXXXXXUXXXXXXXSXXXXXXXXKTmWqmdNqrDx7XXXXXXXXXXXXU2:jr5XXXXXXXXXXXXUXXXXXXXSXXXXXXX2

Score
8/10

Malware Config

Targets

    • Target

      dvswiftsend_202212390513_93310737712.xls

    • Size

      746KB

    Score
    8/10
    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  • Scripting (T1064): 1

  • Exploitation for Client Execution (T1203): 1

Defense Evasion

  • Scripting (T1064): 1

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks