Behavioral task: behavioral1
Sample: 9e6dfe7648c26f0e6fbaad203203dcc1338ca72046717700b4d4943d5dc47a21.xls
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 9e6dfe7648c26f0e6fbaad203203dcc1338ca72046717700b4d4943d5dc47a21.xls
Resource: win10v2004-20221111-en

General
Target: 9e6dfe7648c26f0e6fbaad203203dcc1338ca72046717700b4d4943d5dc47a21
Size: 1.7MB
MD5: 354580c5c73292b5e139231bb932307e
SHA1: b95ce81a4804cb7501531d7b014336a318fa3b86
SHA256: 9e6dfe7648c26f0e6fbaad203203dcc1338ca72046717700b4d4943d5dc47a21
SHA512: 0effdfa9d91e60c8c7ae0e5036313ef6f2464d1eae0c6ecadc66206dc6ed89716aff02b552985610bf22136b561e5beaba3e99edadf4c5cafb8ca7caafd785ed
SSDEEP: 24576:5ym7rTIFAXLhPnwEx0cRSKvFDhkSwsaAD+Dl6F2yTGGjZ:5ymf8MFPwENUKtNF1a09

Malware Config
Signatures
Office macro that triggers on suspicious action (1 IoCs)
Office document macro which triggers in special circumstances - often malicious.
Processes: resource: sample, yara_rule: office_macro_on_action
Processes: resource: sample
Files
9e6dfe7648c26f0e6fbaad203203dcc1338ca72046717700b4d4943d5dc47a21.xls windows office2003
xlsBook
modHTTPServerCaller
cHandleEvents
modInternetConnectionState
modUpd_Templ_HTTP_Request
TSH_et_union_vert
modUpdTemplMain
modInvokeHTTPServer
modUpd_Templ_Defines
modServiceModule
modUpd_Templ_Caller
TEHSHEET
TSH_et_union_hor
modGlobals
modDefine
modClassifierValidate
IMessageWindow
modScrolling
modfrmReestrMR
modRegion
List00
List01
modHyp
Wrapper
TSH_REESTR_ORG
modAnimatedFormsGlobals
AllSheetsInThisWorkbook
frmReestr
Instruction
modUpdTemplLogger
modfrmDateChoose
ListComm
ListCheck
modReestr
modfrmReestr
MessageDialogue
List02
frmRegion
frmReestrMR
List03
modThisWorkbook
modfrmCheckUpdates
modInfo
frmSheetReference
frmCheckUpdates
modComm
TSH_REESTR_MO
modList03
frmDateChoose
modProv
modList00
modList01
modList02
Ice