General
-
Target
OfficeConsultPlugin.exe
-
Size
1.4MB
-
Sample
210408-9t3lvz311n
-
MD5
fba1fd894b9201a11e866ba58c80ae61
-
SHA1
89236d9795f1e8db7d895d0e364dd4768ebc6410
-
SHA256
904f69a4bed3844273cce1676e8920794815af4c1527e560bbc1bc44b5b8457a
-
SHA512
0d37b91123abb1ded40ae7604980dffa675dcacc1bf772b06e36a2e4c72488558511dd3f8df0fc47d9a6cc870eaef4a9e54a55b20a4432b5802cdeeba327470a
Static task
static1
Behavioral task
behavioral1
Sample
OfficeConsultPlugin.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
OfficeConsultPlugin.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
OfficeConsultPlugin.exe
-
Size
1.4MB
-
MD5
fba1fd894b9201a11e866ba58c80ae61
-
SHA1
89236d9795f1e8db7d895d0e364dd4768ebc6410
-
SHA256
904f69a4bed3844273cce1676e8920794815af4c1527e560bbc1bc44b5b8457a
-
SHA512
0d37b91123abb1ded40ae7604980dffa675dcacc1bf772b06e36a2e4c72488558511dd3f8df0fc47d9a6cc870eaef4a9e54a55b20a4432b5802cdeeba327470a
Score7/10-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-