Overview

overview

10

Static

static

10

20899b27a5...f.docx

windows7-x64

8

20899b27a5...f.docx

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20899b27a51843830df2084dce88cc97d752a7e2dd1a64ad3238080a145fceaf.zip

  • Size

    7KB

  • Sample

    230308-mgcefafd86

  • MD5

    e440512cd5ab365f8b40a502e3fabddd

  • SHA1

    865c7e263f646b235007ba6797043317d463d516

  • SHA256

    75abb2c934da164a8f5e7662fddb1ea809355763b23123550761bcef9f4fe285

  • SHA512

    c95a43e76fd7a09d3cde3043fdff13e000ff6a74abc3e3a68c5b9fae04d6b11de19c47d5ad707dbc10302dc5c72a92ed4ef97429fff17bf63f4d4900e056b4ce

  • SSDEEP

    192:nPwzwYIqvN0pWbJN2VRBneQKXT/6faxFeH8NkBZh:nPwz2e0YNN2fVKX76fycHvB3

Score
10/10
websettings

Malware Config

Extracted

Rule
Microsoft Office WebSettings Relationship
C2

http://WWWEEEEERWEEWWWE0E090W0DDF0F9S0WEWRWQQQ09EW0QQQQQQQQQQQ09W9WEREWRRRRRRRR090R00R2333RERERZZZZ090ZXXX0XXXXXX00XX@392095676/31.31.31.doc

Targets

    • Target

      20899b27a51843830df2084dce88cc97d752a7e2dd1a64ad3238080a145fceaf.doc

    • Size

      10KB

    • MD5

      f300f686821deba927b954a36cb74874

    • SHA1

      1c076c17f47e2942035fcf63709aa85213c4f83d

    • SHA256

      20899b27a51843830df2084dce88cc97d752a7e2dd1a64ad3238080a145fceaf

    • SHA512

      7ddb21922884a405da9a865953c767eafec3ee2ea60b39de3388319cff15d74f11818e391823a42a38729bf973cb86edaee7fe503e7ed75da8d3cd728bcd0e68

    • SSDEEP

      192:ScIMmtP1aIG/bslPL++uOAl+CVWBXJC0c3De:SPXU/slT+LOAHkZC9q

    Score
    8/10

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Abuses OpenXML format to download file from external location

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks