Overview

overview

10

Static

static

10

OGILVIE PO_84162.docx

windows7-x64

7

OGILVIE PO_84162.docx

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ddc30a4e07e07e1758aef33ead92daa3

  • Size

    22KB

  • Sample

    240325-mac3dsga3t

  • MD5

    ddc30a4e07e07e1758aef33ead92daa3

  • SHA1

    bf4e088b064dee76687c7324c229611437262990

  • SHA256

    5560f38f794d523a83e0857c85b9706883fdc9acf2bb7038c396aa43551505b5

  • SHA512

    16ebde5b3f22f7ff93ebca2d0a3a42ca8033ec68f79d8e29e609f3fcbcf81715c3f8031d7be8863d01f89ae7a88b054a2512b1577ddd286d188bc1f31095f21f

  • SSDEEP

    384:W4dJkCTh5QMJ0nxYFznwnJenrnHcKdiUuprBk8r1dcJ+KCC9c6ZibbpW2+c+hiPx:PJ9hJ0aznwnJenrnHcKdiU6xKJDC7Zbp

Score
10/10
websettings

Malware Config

Extracted

Rule
Microsoft Office WebSettings Relationship
C2

https://upurl.me/m7oiv

Targets

    • Target

      OGILVIE PO_84162.docx

    • Size

      10KB

    • MD5

      6dbd23452e400d9b58254e44aadb343d

    • SHA1

      680a42c1a195220fe66b501e092ca4cc214490f1

    • SHA256

      8e6218f79530d3bdadcb9b2246a0af93bb7a1c1374ce978067de2b830a99bc9d

    • SHA512

      047ac1ad5b859dba02467fb1d4a622aec6a90c1571fde623514b2e7be88c97746814976dd8a56efec8e89752395c3944c671fd73cf2b1502f9a5208d241c151e

    • SSDEEP

      192:ScIMmtPZG/bEpOjoDcgEamWBXpK0ydJb3FH+fR:SPXEEpOjOcNoEP7bwZ

    Score
    7/10

    • Abuses OpenXML format to download file from external location

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks