Static task
static1
Behavioral task
behavioral1
Sample
ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d.doc
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d.doc
Resource
win10-en-20211014
General
Target: ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d.zip
Size: 9KB
MD5: c51b86d1a7fd3e455943747121e9764c
SHA1: 8b4d33aaf8573706e039e979ede632841162ca2e
SHA256: d122e97cc5bd9cfd5e122bb0aedf1f6835d8f535020a263fbd0ebf2535c5c471
SHA512: 813d9e8b406ca5a7973089a08c017877da04b2704192d32c5de4b09058c090de026a46acaf3ce07c0499beb6302a541d3c07e3bf4158a572cf1b80c1b34091a1
Malware Config
Signatures
-
Office macro that triggers on suspicious action 1 IoCs
Office document macro which triggers in special circumstances - often malicious.
Processes:
resource: static1/unpack001/ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d.doc
yara_rule: office_macro_on_action
-
Processes:
resource: static1/unpack001/ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d.doc
yara_rule: office_xlm_macros
resource: static1/unpack001/ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d.doc
yara_rule: office_macros
Files
-
ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d.zip.zip
Password: infected
-
ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d.doc.doc windows office2003
ThisDocument