Static task
static1
Behavioral task
behavioral1
Sample
171ee99567663e68f16fc3e7d7052eacfcd87d6ac9b4f3b32a69e5aca4b583b9.xls
Resource
win7-en-20210920
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
171ee99567663e68f16fc3e7d7052eacfcd87d6ac9b4f3b32a69e5aca4b583b9.xls
Resource
win10-en-20211014
windows10_x64
0 signatures
0 seconds
General
-
Target
4989039120908288.zip
-
Size
367KB
-
MD5
488e094974efb6acae512e88c98d4f5f
-
SHA1
1cfdd0904712d7f1f4fffe53f365177270f32e05
-
SHA256
5bdcd9abfa76950e64c08ca22b48f47208242b52aeb6313a7c1d6fb5060aa60b
-
SHA512
2a48bf5b17f5e7c05bde1bc4fec99a50bdb6bd358ca202ebdd0d5461ecc2037bae001d789a5f9289969acb72dbb8eb72e85456f4010a6be101ac229bc238ef32
Score
8/10
Malware Config
Signatures
-
Office macro that triggers on suspicious action 1 IoCs
Office document macro which triggers in special circumstances - often malicious.
Processes:
resource yara_rule static1/unpack001/171ee99567663e68f16fc3e7d7052eacfcd87d6ac9b4f3b32a69e5aca4b583b9 office_macro_on_action -
Processes:
resource yara_rule static1/unpack001/171ee99567663e68f16fc3e7d7052eacfcd87d6ac9b4f3b32a69e5aca4b583b9 office_xlm_macros static1/unpack001/171ee99567663e68f16fc3e7d7052eacfcd87d6ac9b4f3b32a69e5aca4b583b9 office_macros
Files
-
4989039120908288.zip.zip
Password: infected
-
171ee99567663e68f16fc3e7d7052eacfcd87d6ac9b4f3b32a69e5aca4b583b9.xls windows office2003
ThisWorkbook
Sheet1