Overview

overview

10

Static

static

10

C34455E406...6.docx

windows7-x64

8

C34455E406...6.docx

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    C34455E406795B670CB0F912C7080806240B3BB30440C266B2F34D5EBCA887A6

  • Size

    10KB

  • Sample

    230208-v13pqscg2z

  • MD5

    0930a623ffc51bae160dc8a1fbea9676

  • SHA1

    8281985d1f5ad7755e63b6704880335e48da4630

  • SHA256

    c34455e406795b670cb0f912c7080806240b3bb30440c266b2f34d5ebca887a6

  • SHA512

    4c7833fe285e5962a00d34bf6d10ee4248591127872db48804de88d184d7fc4daf625afea5dd0ef17ff241bcc73473a280c12ab7dd169d315f78b5db616a3510

  • SSDEEP

    192:ScIMmtP5hG/b7XN+eO22O+5+5F7Jar/YEChI3gN:SPXRE7XtO227wtar/YECOQ

Score
10/10
websettings

Malware Config

Extracted

Rule
Microsoft Office WebSettings Relationship
C2

http://dgd0000fghfjf000ghf0000hfghgfhf0000ghfgsdgfgg00000dfgdfgert0000000dfgdfgdfg@3235032958/2.doc

Targets

    • Target

      C34455E406795B670CB0F912C7080806240B3BB30440C266B2F34D5EBCA887A6

    • Size

      10KB

    • MD5

      0930a623ffc51bae160dc8a1fbea9676

    • SHA1

      8281985d1f5ad7755e63b6704880335e48da4630

    • SHA256

      c34455e406795b670cb0f912c7080806240b3bb30440c266b2f34d5ebca887a6

    • SHA512

      4c7833fe285e5962a00d34bf6d10ee4248591127872db48804de88d184d7fc4daf625afea5dd0ef17ff241bcc73473a280c12ab7dd169d315f78b5db616a3510

    • SSDEEP

      192:ScIMmtP5hG/b7XN+eO22O+5+5F7Jar/YEChI3gN:SPXRE7XtO227wtar/YECOQ

    Score
    8/10

    • Blocklisted process makes network request

    • Abuses OpenXML format to download file from external location

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks