Static task
static1
Behavioral task
behavioral1
Sample
a621e8ce92943201dce4f5965fa4199b.pps
Resource
win7v20210410
Behavioral task
behavioral2
Sample
a621e8ce92943201dce4f5965fa4199b.pps
Resource
win10v20210410
General
-
Target
a621e8ce92943201dce4f5965fa4199b.zip
-
Size
6KB
-
MD5
674b8596cbe1ef15ffdb78dd17106055
-
SHA1
a4d8b3750bc4e52a08d0d3acc37e0cf3b7178978
-
SHA256
cb011016cdc4f1fdff6bfae06b1a49c244e649de24250f3625d7d3bc5870c96c
-
SHA512
2f738d459496d36d0e91d4f6ef77d16988738a1b3c8bb8572332dc76b9d6a6648c51a73e04127137da75184c8e8fe29e6b6bfb844890f4420c4bacccdbcaf61b
Malware Config
Signatures
-
Office macro that triggers on suspicious action (1 IoCs)
Office document macro which triggers in special circumstances - often malicious.
Processes:
resource yara_rule
static1/unpack001/a621e8ce92943201dce4f5965fa4199b office_macro_on_action
-
Processes:
resource yara_rule
static1/unpack001/a621e8ce92943201dce4f5965fa4199b office_xlm_macros
static1/unpack001/a621e8ce92943201dce4f5965fa4199b office_macros
-
Document created with cracked Office version (1 IoCs)
Office document contains Grizli777 string known to be caused by using a cracked version of the software.
Processes:
resource yara_rule
static1/unpack001/a621e8ce92943201dce4f5965fa4199b grizli777_cracked_office
Files
-
a621e8ce92943201dce4f5965fa4199b.zip.zip
Password: infected
-
a621e8ce92943201dce4f5965fa4199b.pps windows office2003
calculator
cxczxc