General
Target: invoice_941235.doc
Size: 12KB
Sample: 200917-y21lapa3zn
MD5: c7c80f25d00778c46a8acc0385df0e58
SHA1: 12cbd6f950bd590647bb40ac72a2549d715e26e8
SHA256: b2da1683029eeaebd526bf72a88599d651816a3c756db7a80dc48282579ac137
SHA512: b915001c787b4b0c0e59b9519c5de0dff56ec5c6a7807ddfbc063f7ba37c052bdadda0df44f0fccd57cacd8ff07a40a6e1102f600ab63fdca4b2c9a1012b5ab9

Static task: static1

Behavioral task: behavioral1
Sample: invoice_941235.doc
Resource: win7v200722

Behavioral task: behavioral2
Sample: invoice_941235.doc
Resource: win10v200722

Malware Config
Targets
Target: invoice_941235.doc
Size: 12KB
MD5: c7c80f25d00778c46a8acc0385df0e58
SHA1: 12cbd6f950bd590647bb40ac72a2549d715e26e8
SHA256: b2da1683029eeaebd526bf72a88599d651816a3c756db7a80dc48282579ac137
SHA512: b915001c787b4b0c0e59b9519c5de0dff56ec5c6a7807ddfbc063f7ba37c052bdadda0df44f0fccd57cacd8ff07a40a6e1102f600ab63fdca4b2c9a1012b5ab9

- Modifies firewall policy service
- Blacklisted process makes network request
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger