General
-
Target
doc_230.doc
-
Size
23KB
-
Sample
220805-ae97gadgaq
-
MD5
bddec1adf7efc6b52d78f793cc5a84c8
-
SHA1
fbc3b3a4003a73067ad612171c3342063cc9bf2b
-
SHA256
4d3823da1dc741d7b575341842e7a23b2c4a28265c17b75034f5c34006979bbd
-
SHA512
524d7b272fdf9eabd84c2c9bb4bde6430b659ef3f4cf1905b2b3660b3e215ca915c07a9460beb73e5cab962bfd9bf998afa89a1a007665ce2445a3c19f517685
Static task
static1
Behavioral task
behavioral1
Sample
doc_230.rtf
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
doc_230.rtf
Resource
win10v2004-20220721-en
Malware Config
Targets
-
-
Target
doc_230.doc
Score
10/10
-
Modifies system executable filetype association
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Registers COM server for autorun
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-