General
Target: Purchase_Order___PO220126-01.docx
Size: 10KB
Sample: 220127-pyd1pscgdl
MD5: e3cfb506f0e65381ac420397932097f3
SHA1: fae28a0f92ce9ff146ae85c8dbde71286500873e
SHA256: 0f1b744f01460d16ca025472b07896f43b49457096cbaa64d5298979ee8dd3ed
SHA512: 5f62af23e840e27f04cceb345235cb31c2d0863a184c0ac0ec3266a9fa7564ecebb2bebe555f9a0c1a02b41aaa011aada42abf2747e0f4ad2eddcdbb6b56449a
Static task
static1

Behavioral task
behavioral1
Sample: Purchase_Order___PO220126-01.docx
Resource: win7-en-20211208

Behavioral task
behavioral2
Sample: Purchase_Order___PO220126-01.docx
Resource: win10-en-20211208
Malware Config
Extracted URL: http://198.23.207.10/..W.w.........WWww.---wW--W-Ww--.w---wW...............Wbk-Wbk........wWWw/...-W--------wwwWw........Wnk...---WBK.----WwwW...wBkW-----w-w---Ww.wW......wwwWw.-_w.wbk
Targets
Target: Purchase_Order___PO220126-01.docx
Score: 10/10

Signatures
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- suricata: ET MALWARE WBK Download from dotted-quad Host
- suricata: ET MALWARE WBK Download from dotted-quad Host
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution