981a8d22f631f0002d741ccef8f825506e64f6f02f12082c6ea302a0f6855dd1 | Triage

Sharing

General

Target

Payment advice.xls
Size

746KB
Sample

221123-qxzfpafb33
MD5

bb3ef10c165da5d222d439b85a5b6933
SHA1

ab1594706c065b893ab7fc9884c005411a03aa06
SHA256

981a8d22f631f0002d741ccef8f825506e64f6f02f12082c6ea302a0f6855dd1
SHA512

2c40323c0d29880e8368698f9a9e00f0e2adcdc386deaceb4a170999599b052b72aa31f2810cd72092569a61359985d4eb325e8ee8a89b0e5413302e64e80f16
SSDEEP

12288:cdNqrDx7XXXXXXXXXXXXUXXXXXXXSXXXXXXXXxTmwqGdNqrDx7XXXXXXXXXXXXUH:Pr5XXXXXXXXXXXXUXXXXXXXSXXXXXXX0

Score

8^/10

Malware Config

Targets

- Target
  
  Payment advice.xls
- Size
  
  746KB
- MD5
  
  bb3ef10c165da5d222d439b85a5b6933
- SHA1
  
  ab1594706c065b893ab7fc9884c005411a03aa06
- SHA256
  
  981a8d22f631f0002d741ccef8f825506e64f6f02f12082c6ea302a0f6855dd1
- SHA512
  
  2c40323c0d29880e8368698f9a9e00f0e2adcdc386deaceb4a170999599b052b72aa31f2810cd72092569a61359985d4eb325e8ee8a89b0e5413302e64e80f16
- SSDEEP
  
  12288:cdNqrDx7XXXXXXXXXXXXUXXXXXXXSXXXXXXXXxTmwqGdNqrDx7XXXXXXXXXXXXUH:Pr5XXXXXXXXXXXXUXXXXXXXSXXXXXXX0
Score

8^/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2