ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d[.]zip | Triage

Sharing

General

Target

ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d.zip
Size

9KB
MD5

c51b86d1a7fd3e455943747121e9764c
SHA1

8b4d33aaf8573706e039e979ede632841162ca2e
SHA256

d122e97cc5bd9cfd5e122bb0aedf1f6835d8f535020a263fbd0ebf2535c5c471
SHA512

813d9e8b406ca5a7973089a08c017877da04b2704192d32c5de4b09058c090de026a46acaf3ce07c0499beb6302a541d3c07e3bf4158a572cf1b80c1b34091a1

Score

8^/10

macro xlm macro_on_action

Malware Config

Signatures

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

Processes:

resource	yara_rule
static1/unpack001/ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d.doc	office_macro_on_action

Suspicious Office macro 2 IoCs

Office document equipped with 4.0 macros.

Processes:

resource	yara_rule
static1/unpack001/ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d.doc	office_xlm_macros
static1/unpack001/ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d.doc	office_macros

Files

ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d.zip
.zip

Password: infected
ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d.doc
.doc windows office2003

ThisDocument