Static task
static1
Behavioral task
behavioral1
Sample
NEW ORDER 032021-W878.ppt
Resource
win7v20201028
Behavioral task
behavioral2
Sample
NEW ORDER 032021-W878.ppt
Resource
win10v20201028
General
-
Target
NEW ORDER 032021-W878.ppt
-
Size
71KB
-
MD5
5c63ab7763e609cf490333be0be26596
-
SHA1
a3b5eb9fcbc36854ef61ef2c25ccf9fa5c1a5260
-
SHA256
736c4ad042343164463dce61269b4ab6101d8e34a4accbc3f2d23bb2e6a42f4a
-
SHA512
e6ed55100eac92bf698af254a6cd4b1ba0b87a1290ff5d2fd37ea6166b4444c2267c89c5d7e8d524a5250b0b33a95004d3168924f4e4b091d1b1add8c5c5a3a9
Malware Config
Signatures
-
Office macro that triggers on suspicious action 1 IoCs
Office document macro which triggers in special circumstances - often malicious.
Processes:
resource yara_rule sample office_macro_on_action -
Processes:
resource yara_rule sample office_macros -
Document created with cracked Office version 1 IoCs
Office document contains Grizli777 string known to be caused by using a cracked version of the software.
Processes:
resource yara_rule sample grizli777_cracked_office
Files
-
NEW ORDER 032021-W878.ppt.ppt .pps windows office2003