98bfc226fd8e2e3c85804c39908a69d29cf80470797aaad99beb9f48aaf2daf6 | Triage

Submit
Reports

Overview

overview

Static

static

proof of p...y.docx

windows7-x64

8

proof of p...y.docx

windows10-2004-x64

1

Sharing

General

Target

proof of payment & invoice copy.docx.doc
Size

10KB
Sample

230130-j7bdaabc8y
MD5

050e0cb03d4c8149ab1c2f38606fbcda
SHA1

018af45ad250355375afe06b0036e4333bb620f5
SHA256

98bfc226fd8e2e3c85804c39908a69d29cf80470797aaad99beb9f48aaf2daf6
SHA512

8aef1f075e219e344d61b4d5eea5f3275d0f931ceb3b6933714f438a06a3b2918e28bb231a797f19c3c8667a30ac7985fbd94180b048bb081369ef25a0a77ce5
SSDEEP

192:ScIMmtP5hG/b7XN+eOp8et9O+5+5F7Jar/YEChI31l:SPXRE7XtORj7wtar/YECOL

Score

10^/10

websettings

Static task

static1

Behavioral task

behavioral1

Sample

proof of payment & invoice copy.docx

Resource

win7-20221111-en

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

proof of payment & invoice copy.docx

Resource

win10v2004-20220901-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Rule

Microsoft Office WebSettings Relationship

C2

http://dgdfghfjfghfghfghgfhfghfgsdgfggdfgdfgertdfgdfgdfg@3569425924/h.doc

Targets

- Target
  
  proof of payment & invoice copy.docx.doc
- Size
  
  10KB
- MD5
  
  050e0cb03d4c8149ab1c2f38606fbcda
- SHA1
  
  018af45ad250355375afe06b0036e4333bb620f5
- SHA256
  
  98bfc226fd8e2e3c85804c39908a69d29cf80470797aaad99beb9f48aaf2daf6
- SHA512
  
  8aef1f075e219e344d61b4d5eea5f3275d0f931ceb3b6933714f438a06a3b2918e28bb231a797f19c3c8667a30ac7985fbd94180b048bb081369ef25a0a77ce5
- SSDEEP
  
  192:ScIMmtP5hG/b7XN+eOp8et9O+5+5F7Jar/YEChI31l:SPXRE7XtORj7wtar/YECOL
Score

8^/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy