General

  • Target

    Purchase Order Ref 23-183-GS.docx

  • Size

    10KB

  • Sample

    230323-y869nsbh8w

  • MD5

    bdf64063e4a2b92bbf9fdb4ee283166a

  • SHA1

    1ceeba2ff0d261d0b9d608e5c4473e15eb6d9d5a

  • SHA256

    a850d5cfba419fb66894b56ba97f7c93f2fdea85dc718697d233f96e440d7379

  • SHA512

    9a7cf7d4cd16ade98bd7c8fa81842d66a2d0347ad2e73a3dd1b87d4e9e0a6a739ff7028df1f6fab09dd581b8cd8b952df2e9a83cbbe80a7c04be5b7059cdba1a

  • SSDEEP

    192:ScIMmtP1aIG/bslPL++uOt+Il+CVWBXJC0c3g+:SPXU/slT+LOtfHkZC9j

Score
10/10

Malware Config

Extracted

  • Rule

    Microsoft Office WebSettings Relationship

  • C2

    http://OASOSIDFOSWEROEROOWRWERWEREWWW0W83W338W83WOIEORIOWEIROWI3339W99ER8WE9R923R29849284WERWERWE9RW93949498WWOEIROWEOR23489W@66041506/09...........09..............doc

Targets

    • Target

      Purchase Order Ref 23-183-GS.docx

    Score
    8/10

    • Blocklisted process makes network request

    • Abuses OpenXML format to download file from external location

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Exploitation for Client Execution (T1203), count: 1

  • Defense Evasion

    Modify Registry (T1112), count: 1

  • Discovery

    Query Registry (T1012), count: 2

    System Information Discovery (T1082), count: 2

Tasks