Resubmissions

  • 17-02-2023 10:55    230217-m1gs9sfa85    10

  • 17-02-2023 10:44    230217-ms8a9afa43    10

General

  • Target

    elenco ordini bo#160223.docx

  • Size

    10KB

  • Sample

    230217-m1gs9sfa85

  • MD5

    c2be0d4583bc551a308671709c1e253e

  • SHA1

    dc9b67cf7f292f6f8f380ffbf49014bd0db2b526

  • SHA256

    73ec76f4e4dfbc1f548ddbc1a5706f12e932f53abc8e30a3f3cc0adb8cc012b0

  • SHA512

    eb14f56f94695a979ac78e6569dfd5501dca380862ac52d31c3880ffdfd3d6c6dc945a59a00d5709fa4be234510de0419b5f55e06c52052f802f9ae4dc3a3407

  • SSDEEP

    192:ScIMmtP5hG/b7XN+eOvOwO+5+5F7Jar/YEChI3GJ:SPXRE7XtO2w7wtar/YECOq

Score
10/10

Malware Config

Extracted

  • Rule

    Microsoft Office WebSettings Relationship

  • C2

    http:/QQQQWWWWQWWWWQWWQWQWQWQQWQWQQWQWQWQWQWQWQWQQQQQQQQOQQQQQOOOOOOOOQOQQQQOQOQOQOQOQOQQWWWWQWQWQWQWQWQWQWQWQQWQ@1755848856/O_O.DOC

Targets

    • Target

      elenco ordini bo#160223.docx

    • Size

      10KB

    Score
    8/10

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Abuses OpenXML format to download file from external location

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

MITRE ATT&CK Matrix ATT&CK v6

    Tactic             Technique                          Count  ID
    Execution          Scripting                          1      T1064
    Execution          Exploitation for Client Execution  1      T1203
    Defense Evasion    Scripting                          1      T1064
    Defense Evasion    Modify Registry                    1      T1112
    Discovery          System Information Discovery       3      T1082
    Discovery          Query Registry                     2      T1012

Tasks