Overview

overview

8

Static

static

BOM_431580...ts.xls

windows7-x64

8

BOM_431580...ts.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BOM_431580_23.11.22 - Placements.xls

  • Size

    1.0MB

  • Sample

    221123-qxzfpaab61

  • MD5

    9a53b56adecec33768f427031a3e068d

  • SHA1

    4ef5fdf9584ba21a16ddb2dd01aef99b81bf4307

  • SHA256

    80bfd5671a9013cc4ba919582612f6d16076e0663990572188093e61ae40e2bd

  • SHA512

    2bbea9904fc8757a00f4bf63d39a3f975972b8fce5633fb7560ca48faaaf81cdadca9f01adf25c7548c0c6cc9b50b1feff14d382e431225c5068934e47cd2bd4

  • SSDEEP

    24576:+r5XXXXXXXXXXXXUXXXXXXXSXXXXXXXXwmRr5XXXXXXXXXXXXUXXXXXXXSXXXXXz:Ef

Score
8/10

Malware Config

Targets

    • Target

      BOM_431580_23.11.22 - Placements.xls

    • Size

      1.0MB

    • MD5

      9a53b56adecec33768f427031a3e068d

    • SHA1

      4ef5fdf9584ba21a16ddb2dd01aef99b81bf4307

    • SHA256

      80bfd5671a9013cc4ba919582612f6d16076e0663990572188093e61ae40e2bd

    • SHA512

      2bbea9904fc8757a00f4bf63d39a3f975972b8fce5633fb7560ca48faaaf81cdadca9f01adf25c7548c0c6cc9b50b1feff14d382e431225c5068934e47cd2bd4

    • SSDEEP

      24576:+r5XXXXXXXXXXXXUXXXXXXXSXXXXXXXXwmRr5XXXXXXXXXXXXUXXXXXXXSXXXXXz:Ef

    Score
    8/10

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks