General
-
Target
document_00980.doc
-
Size
18KB
-
Sample
221123-j6qrksbh9s
-
MD5
aff328a66fdc5b3e1233e34ea52b5210
-
SHA1
944592196bd7042fe76dd72af790be102106e79a
-
SHA256
1407bcb68789cb9850c5006301431cc9d1536cf6c8e63a97eb50ba11cd724ddb
-
SHA512
7bcc02d424de8e754aa4372ebd12cda6cd229053bf4f27ba4d9c712e41bf5ea064279677931bfb29532c43fced550cfbfd122fc4da531b34808f24e97ed82bac
-
SSDEEP
384:J43W5XH6i1kVYAlJGusEGKVOWQn5sQwzFz6ty1JCeVhSRK6XMu6:em5XHf2VYeUusEGKVdQuVzR6U1JHhmXG
Static task
static1
Behavioral task
behavioral1
Sample
document_00980.rtf
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
document_00980.rtf
Resource
win10v2004-20221111-en
Malware Config
Extracted
formbook
dcn0
ZVx68vDtAMBCwg==
oBMBvsNORkM/O/ox
Ff9pISWkm6eG4lByIspp
c2T42c6CIIF6B8xTxm9XzpVw
bvjhxRbnAC183w==
0lTttSNG4HUDNflyIspp
hPXFlstqiHA/O/ox
WLR+MeerxZ0cNn1ja+IQAYo=
IHRn4xXOVKi477zarG+ObSy7YJA=
Xhf3e+tdAC183w==
Xk0ZAezv2rWH
kngo+vBeSRN7AszNwam3Osmguuqc0MoC
a2Qp7a+E8fSw7LDjpnqEKjsRZA==
3zjy4E7+QM48wg==
YcCmqT3OUNAigVott2pBKiy7YJA=
4+SMeX1juat/5cZ1AZihcyy7YJA=
/+m7sro0OBTl3TMpCw==
i2ctEfe4//a64yklMsgS2J90
+loZ2QKGX0UWgpvErMs=
b9BNCnJWQJS8IfsR0uR3bCy7YJA=
9eiUYE0ynHE/O/ox
F2/75pOIYNg0hzOD99192J8=
Y1xOONdO105okfha33EZ2A==
qYZIIB+dfF0wp1nVWFz067hJ2/qoXEVeAA==
moQMzat7tfKyKPYs
aMZJI/NfUSSpPQUBJ8/11g==
QKMN15GjpHcpyA==
6+S1hTvphhFfoCdj6tw=
DPynhWcnZWho7a0p33EZ2A==
EXY//zDm7ej3Guwo
PSWxPYkk0SNioSdj6tw=
jv+tmhv1ySZloydj6tw=
P8GUV5BhNZflCCBBFg==
IQZ0PWog1lcVVkJYHg==
aOTCq/Cet6AdhSdj6tw=
OBzJrqYS+eac46nZo4aI84kWMEtH
kBzTkbI2LTo/O/ox
a8pwOrU/tyx93a/QrGBpXGQIfZI=
GWoC9K5Mx0GR34urFcDPyQ==
dGxKGM2FI4iAkTOD99192J8=
UqQv8Vkx7WzkCCBBFg==
NcBsPK+YmdZP0cyhY+Lrzw==
zcKbk5oK7NCgFOpa4tHv0g==
uIomFkUTzdWa
QkAF8NuWMZmnPjCFgJBa+Y1t
51w6Gw7c3NyY
IyDnsW89dXaMrAxotF8jGZc=
1s1RHCrCwI8PnVhMY+Lrzw==
zBnRazUUWCsrM5t0SEth
1z4R/XM98Wn3j1RMY+Lrzw==
h3b34yQL3cI8wg==
/+27PhUTzdWa
CO0jnOIoAC183w==
Cn8jz+pyZEfWCCBBFg==
jI4f4NnKFwoSUb4YbnkzePzLv+Sc0MoC
xZnrS1Y+5Sxv1g==
phjYsTTGW8zAMydj6tw=
v7JcJyW3x64phzOD99192J8=
tBJ+Uh3sJxYqbyvrfF6BKjsRZA==
xRTxyfuTgMhGxg==
6ceNTfir2qmQHtxWwqIrI8GQ7h/Te/A2CA==
00gVx7d5/U5soCdj6tw=
Jgvgt58H8MFLfBzTp1VZXCe2ZYg=
1NKRY1QTzdWa
ahmedo.ch
Targets
-
-
Target
document_00980.doc
-
Size
18KB
-
MD5
aff328a66fdc5b3e1233e34ea52b5210
-
SHA1
944592196bd7042fe76dd72af790be102106e79a
-
SHA256
1407bcb68789cb9850c5006301431cc9d1536cf6c8e63a97eb50ba11cd724ddb
-
SHA512
7bcc02d424de8e754aa4372ebd12cda6cd229053bf4f27ba4d9c712e41bf5ea064279677931bfb29532c43fced550cfbfd122fc4da531b34808f24e97ed82bac
-
SSDEEP
384:J43W5XH6i1kVYAlJGusEGKVOWQn5sQwzFz6ty1JCeVhSRK6XMu6:em5XHf2VYeUusEGKVdQuVzR6U1JHhmXG
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-