General

  • Target

    PURCHASEORDER.xls

  • Size

    1.5MB

  • Sample

    230324-hcxscscf84

  • MD5

    7128d7e3632afbc109085c91fd0404c1

  • SHA1

    4b16b615630468c252d3f642995a4d5d9c252e6b

  • SHA256

    33497120ede69ba4d6c9c7bb4533ec7ece887acfa9ed2d617a215ff81126b46e

  • SHA512

    5eccb89ed4479f7040ddf1582bbdb569c0f571337892e34fb0ff3151dee663f255e252f9886288b7ee31366df70d52f5a6c9f9163cda7db3fff1a2a4e275446a

  • SSDEEP

    24576:X2Tbq8KPsUGRoG1t6EWOEMhpaMNzl8raUtGCn113y4RzuCr2izm/EcUAbFNLGeuX:mv5K/G3v6EWxNMNzlMRtGCn113y4RaCw

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 3

    System Information Discovery (T1082): 4

Tasks