328d5021590bf808545e470fbfb153f96d61f48f518e6c8a7c98d8d03d796dfc | Triage

Sharing

General

Target

328d5021590bf808545e470fbfb153f96d61f48f518e6c8a7c98d8d03d796dfc
Size

7KB
Sample

241121-ynenxswkhy
MD5

f60df6fc3e7ba808ecd1d69ea5c91610
SHA1

afd0fa03182b33878a6ce6579a4a39be0e3aaae7
SHA256

328d5021590bf808545e470fbfb153f96d61f48f518e6c8a7c98d8d03d796dfc
SHA512

e969ef7f942237acd6ac10ee596809489454622e50ba80e728b62b6b9319337b21d8a41693bb707f7b9a48d7a4901bd3b7c21d2bac926c560e08817e8c9ea542
SSDEEP

192:X/MytHX4IDOBlokyLHdzQA6KPRzE7C69WjLmELIbT55JGEN+RCp:X/vHX4IaoLdzQDMECDjLL8bTT5vp

Score

10^/10

discovery websettings

Malware Config

Extracted

Rule

Microsoft Office WebSettings Relationship

C2

http://107.172.13.160/---.----.-------------------....-.-.-.-.-.-.-.-.......------------/.-.-.-.-.-.-.-.-.-..-.------------..........wiz.wiz

Targets

- Target
  
  aa92a3fc1435e17c3200534f0dc9bc7225a05587_1633535444644.bin
- Size
  
  10KB
- MD5
  
  b7c251065c3568dc920204dfcf8f926f
- SHA1
  
  aa92a3fc1435e17c3200534f0dc9bc7225a05587
- SHA256
  
  ec4ca439612dd82e0c3083832277f8d6d310cdec17cb77f73fe378fd62dd8cc2
- SHA512
  
  232df1c3114e07b5eaf0473f0789668f096336c0d52d3e5414a6128ed8e8d4c89c9868256a08a1eea92f2dbda66eee00649b2000fc20725765cf596773aabb08
- SSDEEP
  
  192:ScIMmtPp8G/btCX0iSOcchWamWBXfc3zMaoN:SPXxrtCEiSOz0o0a
Score

7^/10

discovery
- Abuses OpenXML format to download file from external location
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2