c8743fb6efa43940673e342940a34d36a2d1eef3262a569b0f651283fe141b7b | Triage

Sharing

General

Target

dvswiftsend_202212390513_93310737712.xls
Size

746KB
Sample

221123-kls7mscf61
MD5

213d6cdb4ba6626de9d1d4c8a022d9b2
SHA1

ac1c8161acb070af77a01c99a3ee3a078a4fb40c
SHA256

c8743fb6efa43940673e342940a34d36a2d1eef3262a569b0f651283fe141b7b
SHA512

a8cdba85dd0d8d203acd67ac610164a62c7085e3865899c017905843064fc72d8307765cbe726b4eba6e0e5398eecdfaf87cbea24b336965663f0d387735e395
SSDEEP

12288:YdNqrDx7XXXXXXXXXXXXUXXXXXXXSXXXXXXXXKTmWqmdNqrDx7XXXXXXXXXXXXU2:jr5XXXXXXXXXXXXUXXXXXXXSXXXXXXX2

Score

8^/10

Malware Config

Targets

- Target
  
  dvswiftsend_202212390513_93310737712.xls
- Size
  
  746KB
- MD5
  
  213d6cdb4ba6626de9d1d4c8a022d9b2
- SHA1
  
  ac1c8161acb070af77a01c99a3ee3a078a4fb40c
- SHA256
  
  c8743fb6efa43940673e342940a34d36a2d1eef3262a569b0f651283fe141b7b
- SHA512
  
  a8cdba85dd0d8d203acd67ac610164a62c7085e3865899c017905843064fc72d8307765cbe726b4eba6e0e5398eecdfaf87cbea24b336965663f0d387735e395
- SSDEEP
  
  12288:YdNqrDx7XXXXXXXXXXXXUXXXXXXXSXXXXXXXXKTmWqmdNqrDx7XXXXXXXXXXXXU2:jr5XXXXXXXXXXXXUXXXXXXXSXXXXXXX2
Score

8^/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2