d8575bd0c37f55d47438827c191ede404b8e8f764cb5a4d288322692715a423f | Triage

Submit
Reports

Overview

overview

Static

static

2313.docx

windows7-x64

8

2313.docx

windows10-2004-x64

1

Sharing

General

Target

2313.docx
Size

10KB
Sample

230215-wvz74ada4w
MD5

253d6b141a5a985f978106a7d58a42df
SHA1

41702863a0540a764ecbbdb82c868d916af650c6
SHA256

d8575bd0c37f55d47438827c191ede404b8e8f764cb5a4d288322692715a423f
SHA512

53fa8efc63978e1a7ded63a688533002c6cbc11d2529d167a6a232acbf9fa901568fc42401d21f9d284dc08e4ccccf7439ab29e349100994d9d798fe4c4e0e0d
SSDEEP

192:ScIMmtP5hG/b7XN+eOzO+5+5F7Jar/YEChI32x:SPXRE7XtOz7wtar/YECOy

Score

10^/10

discovery websettings

Static task

static1

Behavioral task

behavioral1

Sample

2313.docx

Resource

win7-20221111-en

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

2313.docx

Resource

win10v2004-20220812-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Rule

Microsoft Office WebSettings Relationship

C2

http:/QQQQWWWWQWWWWQWWQWQWQWQQWQWQQWQWQWQWQWQWQWQQQQQQQQOQQQQQOOOOOOOOQOQQQQOQOQOQOQOQOQQWWWWQWQWQWQWQWQWQWQWQQWQ@2901773865/O.DOC

Targets

- Target
  
  2313.docx
- Size
  
  10KB
- MD5
  
  253d6b141a5a985f978106a7d58a42df
- SHA1
  
  41702863a0540a764ecbbdb82c868d916af650c6
- SHA256
  
  d8575bd0c37f55d47438827c191ede404b8e8f764cb5a4d288322692715a423f
- SHA512
  
  53fa8efc63978e1a7ded63a688533002c6cbc11d2529d167a6a232acbf9fa901568fc42401d21f9d284dc08e4ccccf7439ab29e349100994d9d798fe4c4e0e0d
- SSDEEP
  
  192:ScIMmtP5hG/b7XN+eOzO+5+5F7Jar/YEChI32x:SPXRE7XtOz7wtar/YECOy
Score

8^/10

discovery
- Blocklisted process makes network request
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy