General
-
Target
Purchase-Order.xlsx
-
Size
1.3MB
-
Sample
210722-ajg9xp4v2e
-
MD5
08bfe97addcfdc8ea68d56a80a16621a
-
SHA1
2111b3ffb8b32bad9d341848bdab6688e280a222
-
SHA256
594b6fc5ffe9608371a2853db4a54d89d5bef4294680bfd835fa05b20f575b17
-
SHA512
f17cc20e7884ef6b1d446feeb35f65129ec4cfd3a86208c7b639d9b3d1ac36d51b92c5aa9ed31d20f20ea61b895aa071ed8755752581620e110087f36171cd91
Static task
static1
Behavioral task
behavioral1
Sample
Purchase-Order.xlsx
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Purchase-Order.xlsx
Resource
win10v20210410
Malware Config
Targets
-
-
Target
Purchase-Order.xlsx
-
Size
1.3MB
-
MD5
08bfe97addcfdc8ea68d56a80a16621a
-
SHA1
2111b3ffb8b32bad9d341848bdab6688e280a222
-
SHA256
594b6fc5ffe9608371a2853db4a54d89d5bef4294680bfd835fa05b20f575b17
-
SHA512
f17cc20e7884ef6b1d446feeb35f65129ec4cfd3a86208c7b639d9b3d1ac36d51b92c5aa9ed31d20f20ea61b895aa071ed8755752581620e110087f36171cd91
Score8/10-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-