Static task
static1
Behavioral task
behavioral1
Sample
a9194b2dc593c73598cc95b3b1aad400910f48225e527dc61159300be44651ca.pps
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
a9194b2dc593c73598cc95b3b1aad400910f48225e527dc61159300be44651ca.pps
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
Target: 5740937465331712.zip
Size: 50KB
MD5: ef9925def70f3d3b157d16eacbf09d98
SHA1: ac5057ed58e513ec5731abc8945d5a22ac82e96d
SHA256: 850fcdf5c86123c672bf8572c6a06ddbedf256bfbb7236c3886e1f6f4cc96d16
SHA512: 37404c68ea801e84a1280247554a95faf1673aca63b99535e8ac170c63dd8c58b2ceb2ed7d8802e125407395519d0a4625adfff71622f778e407e4fda89e66de
Score: 8/10
Malware Config
Signatures
-
Processes:
resource yara_rule static1/unpack001/a9194b2dc593c73598cc95b3b1aad400910f48225e527dc61159300be44651ca office_macros -
Document created with cracked Office version (1 IoCs)
Office document contains Grizli777 string known to be caused by using a cracked version of the software.
Processes:
resource yara_rule static1/unpack001/a9194b2dc593c73598cc95b3b1aad400910f48225e527dc61159300be44651ca grizli777_cracked_office
Files
-
5740937465331712.zip.zip
Password: infected
-
a9194b2dc593c73598cc95b3b1aad400910f48225e527dc61159300be44651ca.pps windows office2003
CAlca