Behavioral task
behavioral1
Sample
DRAFT DOCS INVCK2023M1903 BL PL.xls
Resource
win7-20221111-en
windows7-x64
19 signatures
150 seconds
Behavioral task
behavioral2
Sample
DRAFT DOCS INVCK2023M1903 BL PL.xls
Resource
win10v2004-20220812-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
DRAFT DOCS INVCK2023M1903 BL PL.xls
-
Size
1.3MB
-
MD5
b54c1c8fe2234c6c4703025bf8c5d3e8
-
SHA1
e553f7475fb8f8dc3d8305271898f378c2b4cec6
-
SHA256
b63a846d80c3f42ba49b24071706e928e782481a8e46190248cd609da8bec7eb
-
SHA512
4db3243a46ad4c8546a908f228364a27730f43fa6c18558fd4547496d7173488e27805f3bc2eb60da811070aec5a6260eeee6fd3d0e05b2cedfeecb695db3752
-
SSDEEP
24576:7LKMZyOZy8LKNZyyZy6Q8ToW0cwmnAoNa:7LK+5zLK3VHjTVwmPN
Score
5/10
Malware Config
Signatures
-
Document created with cracked Office version 1 IoCs
Office document contains Grizli777 string known to be caused by using a cracked version of the software.
Processes:
resource yara_rule sample grizli777_cracked_office
Files
-
DRAFT DOCS INVCK2023M1903 BL PL.xls.xls windows office2003