General
Target: PO-1364774 Final.xlsx
Size: 749KB
Sample: 200904-5scvaehy4x
MD5: 2efbf412cd56c2203e8548512a68ef51
SHA1: 5d0e3245ec2f35aaecfecb5cfa2af10db8e51451
SHA256: 66b8e804eda79f364e6cd2ee2fdd967f199a1fe3dd7440e8c0ff313568f74531
SHA512: bfd71d8fa1c951b2705bab886060ebe926710ca32c9ea1a84f1caa586fd30c7e31804e27c7515632ad05ae78f18a4a68e93a56e10a8a9dece942496a8e0a8103

Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: PO-1364774 Final.xlsx
  Resource: win7v200722 (Windows 7 image)
Behavioral task: behavioral2
  Sample: PO-1364774 Final.xlsx
  Resource: win10v200722 (Windows 10 image)
Malware Config
Targets
Target: PO-1364774 Final.xlsx (749KB; MD5, SHA1, SHA256 and SHA512 identical to the General section above)
Signatures
- Modifies firewall policy service: writes to the Windows Firewall policy configuration kept under the SharedAccess service, which can open the firewall for the payload's own traffic or weaken it altogether.
- Blacklisted process makes network request: a process image the sandbox does not expect to have network activity (it keeps a blacklist of such interpreters and living-off-the-land binaries) initiated a network request.
- Executes dropped EXE: runs an executable that the sample itself wrote to disk during the analysis.
- Sets file execution options in registry: writes under the Image File Execution Options key, whose Debugger value redirects the launch of a named program to another binary; this is used both for persistence and to neuter security tools.
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments, since virtual machines expose vendor strings that differ from physical hardware.
- Loads dropped DLL: loads a DLL that the sample itself wrote to disk.
- Uses the VBS compiler for execution: launches the Visual Basic .NET compiler (vbc.exe) to compile and run code at runtime, a living-off-the-land technique that avoids shipping a pre-built payload.
- Adds Run key to start application: adds a value under the CurrentVersion\Run key so the payload is started at logon (persistence).
- Drops desktop.ini file(s): desktop.ini controls how Explorer displays a folder and is commonly written to hide or disguise dropped files.
- Suspicious use of NtSetInformationThreadHideFromDebugger: calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), which detaches the thread from any attached debugger; an anti-analysis technique.
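The signature list above is the sandbox's summary of an API trace. As an added illustration (not code from the report or from the sandbox vendor), the script below replays a constructed API trace through one rule per signature and raises the same ten behaviour names, and checks a candidate file against the report's MD5/SHA1/SHA256. The trace schema (dicts with api, key, path, image and info_class fields), the sample calls and the network blacklist are assumptions made for this example; real sandboxes use their own formats.

```python
"""Replay an API trace against rules matching the report's signatures.

Added example, not part of the sandbox report. The trace format and the
SAMPLE_TRACE below are constructed for illustration.
"""
import hashlib
import re
from collections import Counter

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "2efbf412cd56c2203e8548512a68ef51",
    "sha1": "5d0e3245ec2f35aaecfecb5cfa2af10db8e51451",
    "sha256": "66b8e804eda79f364e6cd2ee2fdd967f199a1fe3dd7440e8c0ff313568f74531",
}


def matches_report(data: bytes) -> bool:
    """True only if the candidate bytes agree with every digest in the report."""
    return all(hashlib.new(n, data).hexdigest() == h for n, h in REPORT_HASHES.items())


THREAD_HIDE_FROM_DEBUGGER = 0x11  # NtSetInformationThread information class
IFEO_RE = re.compile(r"\\Image File Execution Options\\[^\\]+\\Debugger$", re.I)
RUN_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
FIREWALL_RE = re.compile(r"\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\", re.I)
BIOS_RE = re.compile(
    r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|SystemBiosDate|VideoBiosVersion)$", re.I)
# Assumed blacklist: interpreters/LOLBins that should not normally talk to the network.
NETWORK_BLACKLIST = {"vbc.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def basename(path: str) -> str:
    """Lower-cased final path component, tolerating either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


class TraceAnalyzer:
    """Stateful matcher: 'dropped' rules need the earlier file write to be remembered."""

    def __init__(self) -> None:
        self.dropped: set[str] = set()   # lower-cased paths the sample wrote
        self.hits: Counter = Counter()

    def feed(self, call: dict) -> None:
        api = call.get("api", "")
        if api in ("NtWriteFile", "WriteFile"):
            path = call["path"].lower()
            self.dropped.add(path)
            if basename(path) == "desktop.ini":
                self.hits["Drops desktop.ini file(s)"] += 1
        elif api.startswith("RegSetValue"):
            key = call["key"]
            if IFEO_RE.search(key):
                self.hits["Sets file execution options in registry"] += 1
            if RUN_RE.search(key):
                self.hits["Adds Run key to start application"] += 1
            if FIREWALL_RE.search(key):
                self.hits["Modifies firewall policy service"] += 1
        elif api.startswith("RegQueryValue") and BIOS_RE.search(call["key"]):
            self.hits["Checks BIOS information in registry"] += 1
        elif api == "NtSetInformationThread" and call.get("info_class") == THREAD_HIDE_FROM_DEBUGGER:
            self.hits["Suspicious use of NtSetInformationThreadHideFromDebugger"] += 1
        elif api in ("CreateProcessW", "CreateProcessA"):
            image = call["image"]
            if basename(image) == "vbc.exe":
                self.hits["Uses the VBS compiler for execution"] += 1
            if image.lower() in self.dropped:
                self.hits["Executes dropped EXE"] += 1
        elif api in ("LoadLibraryW", "LoadLibraryExW") and call["path"].lower() in self.dropped:
            self.hits["Loads dropped DLL"] += 1
        elif api in ("connect", "WSAConnect", "InternetOpenUrlW"):
            if basename(call.get("image", "")) in NETWORK_BLACKLIST:
                self.hits["Blacklisted process makes network request"] += 1

    def behaviours(self) -> list[str]:
        return sorted(self.hits)


# Constructed trace (not taken from the report) that exercises each rule once.
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
SAMPLE_TRACE = [
    {"api": "RegQueryValueExW", "key": r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"},
    {"api": "NtSetInformationThread", "info_class": 0x11},
    {"api": "NtWriteFile", "path": r"C:\Users\Public\svc.exe"},
    {"api": "NtWriteFile", "path": r"C:\Users\Public\helper.dll"},
    {"api": "NtWriteFile", "path": r"C:\Users\Public\desktop.ini"},
    {"api": "CreateProcessW", "image": r"C:\Users\Public\svc.exe"},
    {"api": "LoadLibraryW", "path": r"C:\Users\Public\helper.dll"},
    {"api": "CreateProcessW", "image": VBC},
    {"api": "connect", "image": VBC},
    {"api": "RegSetValueExW", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"api": "RegSetValueExW", "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
                                     r"\Image File Execution Options\taskmgr.exe\Debugger"},
    {"api": "RegSetValueExW", "key": r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess"
                                     r"\Parameters\FirewallPolicy\StandardProfile\EnableFirewall"},
]


def analyze(trace=SAMPLE_TRACE) -> list[str]:
    """Run every call through the analyzer and return the distinct behaviour names."""
    analyzer = TraceAnalyzer()
    for call in trace:
        analyzer.feed(call)
    return analyzer.behaviours()


if __name__ == "__main__":
    for name in analyze():
        print(name)
```

The two "dropped" rules only fire when a write to the same path was seen earlier in the trace, which is why the matcher keeps state rather than classifying each call on its own; the hash check compares all three digests so that a file matching on MD5 alone (a collision or a typo in a lookup) is not mistaken for the sample.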