General
Target
Order Confirmation _10001256.xlsx
Size
185KB
Sample
220315-rhadpaagdj
MD5
fde0bfb6b29ad5ab011a731f8804b1b6
SHA1
9a3a446e0c06efd7bcdbfe7816ad9dfc65718f59
SHA256
52453139504bb0f05f9f8bb46d1ac9f1ba94d94311d2065b003fc5ea6dabead7
SHA512
de2069c14fa128502665304ae465f22ed1110ae15288a8aaed56a08d150a46a651f8cf8ee468076de2930fc79f83eb12ce5828f7b4b6f1e491df6835d47d08ab
Static task
static1
Behavioral task
behavioral1
Sample
Order Confirmation _10001256.xlsx
Resource
win7-20220310-en
Behavioral task
behavioral2
Sample
Order Confirmation _10001256.xlsx
Resource
win10v2004-en-20220113
Malware Config
Extracted
oski
http://64.188.21.227/x/
Targets
Score
10/10
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Adds Run key to start application
Suspicious use of SetThreadContext