General
-
Target
PO-INVOICE 3049314.docx
-
Size
10KB
-
Sample
221201-lvrkvaff54
-
MD5
5609c757190be5400e1ca6196e2c4e84
-
SHA1
0aae67a6930ad69971322e0b37c79503bf25c84c
-
SHA256
a39da5a13e7c397fb469d17657e1a597122b0a42aed49c2a53d6657aab92d232
-
SHA512
2b4fbe21639bc0b05b24cea4e8376d0d5af8af747eca7a04b94c75e12c12472bf9bd4f36b44b4e586f16a637d3769a4e4ecface740f062a32fb3def150df246e
-
SSDEEP
192:ScIMmtP8ar5G/bfIdTOvqj1namWBX8ex6y3p9t:SPXt4ATOSJnosMpL
Static task
static1
Behavioral task
behavioral1
Sample
PO-INVOICE 3049314.docx
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
PO-INVOICE 3049314.docx
Resource
win10v2004-20220812-en
Malware Config
Extracted
http://sdfjhjhjwuryuuyfdugufdgushfghdgfweryuufy@876515380/_______df_________-sdf_________0______/_____fsdf_______d--_-0_____.doc
Targets
Score
8/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Abuses OpenXML format to download file from external location
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-