a99b1a18139506f5cf6a7dcaa6715090381720ace26899d4b664ec00ea95cac2 | Triage

Submit
Reports

Overview

overview

Static

static

Payment.docx

windows7-x64

8

Payment.docx

windows10-2004-x64

1

Sharing

General

Target

Payment.docx.doc
Size

10KB
Sample

230216-nkzvkshc84
MD5

8d85d75b8789542275b8c85e25e04a32
SHA1

f41f9fa9dc5cc1dbea292c1df3e8d782e4e794a6
SHA256

a99b1a18139506f5cf6a7dcaa6715090381720ace26899d4b664ec00ea95cac2
SHA512

0de62e75ed1154bd556a245b0bd84817da5d9cde2c63683fd3d09ff80748c56b3565a8c6d0825ef1b76204f9ba9191a57aea37fcb69381351112bf66de17c6d5
SSDEEP

192:ScIMmtP5hG/b7XN+eOb3O+5+5F7Jar/YEChI32x:SPXRE7XtOj7wtar/YECOy

Score

10^/10

websettings

Static task

static1

Behavioral task

behavioral1

Sample

Payment.docx

Resource

win7-20220812-en

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payment.docx

Resource

win10v2004-20220901-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Rule

Microsoft Office WebSettings Relationship

C2

http:/QQQQWWWWQWWWWQWWQWQWQWQQWQWQQWQWQWQWQWQWQWQQQQQQQQOQQQQQOOOOOOOOQOQQQQOQOQOQOQOQOQQWWWWQWQWQWQWQWQWQWQWQQWQ@3118348624/OO.DOC

Targets

- Target
  
  Payment.docx.doc
- Size
  
  10KB
- MD5
  
  8d85d75b8789542275b8c85e25e04a32
- SHA1
  
  f41f9fa9dc5cc1dbea292c1df3e8d782e4e794a6
- SHA256
  
  a99b1a18139506f5cf6a7dcaa6715090381720ace26899d4b664ec00ea95cac2
- SHA512
  
  0de62e75ed1154bd556a245b0bd84817da5d9cde2c63683fd3d09ff80748c56b3565a8c6d0825ef1b76204f9ba9191a57aea37fcb69381351112bf66de17c6d5
- SSDEEP
  
  192:ScIMmtP5hG/b7XN+eOb3O+5+5F7Jar/YEChI32x:SPXRE7XtOj7wtar/YECOy
Score

8^/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy