b89b2d6eaed3863624271e5465f801ccba1838563a3c88e16927b0b4052f704d | Triage

Submit
Reports

Overview

overview

Static

static

TT-2384934.docx

windows7-x64

8

TT-2384934.docx

windows10-2004-x64

1

Sharing

General

Target

TT-2384934.docx.doc
Size

10KB
Sample

230310-qsyzcsdg86
MD5

f4c82379e41bccf127f9010ea87d8262
SHA1

d5c10f72a585a3168bc3507486328d06f0d08019
SHA256

b89b2d6eaed3863624271e5465f801ccba1838563a3c88e16927b0b4052f704d
SHA512

38e2984a5df39ddf858de9657da038c6223d5af5cd606ce27f0de7f744c99a4b0e35ec71fc2b9a4f0a1c440400b54c1d0cadcd18de873860e0caf6545041028c
SSDEEP

192:ScIMmtP1aIG/bslPL++uOvl+CVWBXJC0c3jC5R:SPXU/slT+LOvHkZC9jCT

Score

10^/10

websettings

Static task

static1

Behavioral task

behavioral1

Sample

TT-2384934.docx

Resource

win7-20230220-en

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

TT-2384934.docx

Resource

win10v2004-20230220-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Rule

Microsoft Office WebSettings Relationship

C2

http://yyyyyYYYYUUSUUUUUUU3243242UUU23U423U4UU2UWW00000000000000000000000@2401929236/hz...........hz............doc

Targets

- Target
  
  TT-2384934.docx.doc
- Size
  
  10KB
- MD5
  
  f4c82379e41bccf127f9010ea87d8262
- SHA1
  
  d5c10f72a585a3168bc3507486328d06f0d08019
- SHA256
  
  b89b2d6eaed3863624271e5465f801ccba1838563a3c88e16927b0b4052f704d
- SHA512
  
  38e2984a5df39ddf858de9657da038c6223d5af5cd606ce27f0de7f744c99a4b0e35ec71fc2b9a4f0a1c440400b54c1d0cadcd18de873860e0caf6545041028c
- SSDEEP
  
  192:ScIMmtP1aIG/bslPL++uOvl+CVWBXJC0c3jC5R:SPXU/slT+LOvHkZC9jCT
Score

8^/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy