shipping doc[.]xls | Triage

Sharing

General

Target

shipping doc.xls
Size

1.6MB
MD5

9281a044182796eb8cb475c9d848b22c
SHA1

f022f15ecb7d248b643db4bd69137abbbfd1d135
SHA256

3076cb6e292d99f4a945ef56d63ce7b234215177fe8fae47b1811fc5503fc2dd
SHA512

0a4613195ba29268eff93094349637a7d75c1aed7232d982c1d2f7704ff5171a3ae9c49ae169f1df5858be16a9071191182bf915e21037a73bec4ed9fd81aaf4
SSDEEP

49152:ND+O/J9ED+O/J9HD+O/J91D+O/J9ExZRUhd6iPBUkilVh/:NDpxODpxBDpxPDpxixfCd/PBUFbp

Score

5^/10

macro

Malware Config

Signatures

Document created with cracked Office version 1 IoCs

Office document contains Grizli777 string known to be caused by using a cracked version of the software.

Processes:

resource	yara_rule
sample	grizli777_cracked_office

Files

shipping doc.xls
.xls windows office2003