Behavioral task
behavioral1
Sample
16006327d92e105ab47ff32bf5a8e398f5f4fdf9c0e68299a34f832bfebe6a8a.xls
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
16006327d92e105ab47ff32bf5a8e398f5f4fdf9c0e68299a34f832bfebe6a8a.xls
Resource
win10v2004-20220812-en
General
-
Target
16006327d92e105ab47ff32bf5a8e398f5f4fdf9c0e68299a34f832bfebe6a8a
-
Size
1.7MB
-
MD5
381cb08f3d3b4ee1929b5c065129d55e
-
SHA1
ecc238ead27a2d6d3a46ab023c58fcf4a358fa36
-
SHA256
16006327d92e105ab47ff32bf5a8e398f5f4fdf9c0e68299a34f832bfebe6a8a
-
SHA512
d08369b88928b9d7f3fbe8ad39250af4e1634bafdfedfbea88a3973a7dd9508b06a99a07dcd447bf23f9272e480e870e4b512409f0575e1201a34890559c8688
-
SSDEEP
24576:+2fr7wNAfRG7h619uf61VB/jvyhdnow4a8TsWh4xCr9W1N:+2TcQGV6Du4T/DWGxa7X
Malware Config
Signatures
-
Office macro that triggers on suspicious action 1 IoCs
Office document macro which triggers in special circumstances - often malicious.
Processes:
resource yara_rule sample office_macro_on_action -
Processes:
resource sample
Files
-
16006327d92e105ab47ff32bf5a8e398f5f4fdf9c0e68299a34f832bfebe6a8a.xls windows office2003
xlsBook
modHTTPServerCaller
cHandleEvents
modInternetConnectionState
modUpd_Templ_HTTP_Request
TSH_et_union_vert
modUpdTemplMain
modInvokeHTTPServer
modUpd_Templ_Defines
modServiceModule
modUpd_Templ_Caller
TEHSHEET
TSH_et_union_hor
modGlobals
modDefine
modClassifierValidate
IMessageWindow
modScrolling
modfrmReestrMR
modRegion
List00
List01
modHyp
Wrapper
TSH_REESTR_ORG
modAnimatedFormsGlobals
AllSheetsInThisWorkbook
frmReestr
Instruction
modUpdTemplLogger
modfrmDateChoose
ListComm
ListCheck
modReestr
modfrmReestr
MessageDialogue
List02
frmRegion
frmReestrMR
List03
modThisWorkbook
modfrmCheckUpdates
modInfo
frmSheetReference
frmCheckUpdates
modComm
TSH_REESTR_MO
modList03
frmDateChoose
modProv
modList00
modList01
modList02
Ice