Behavioral task
behavioral1
Sample
Quotation.xls
Resource
win7-20220812-en
windows7-x64
21 signatures
150 seconds
Behavioral task
behavioral2
Sample
Quotation.xls
Resource
win10v2004-20221111-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
Quotation.xls
-
Size
633KB
-
MD5
dac5ac774069414c354240cb0a83727a
-
SHA1
f944c7c6f17827ca975314de4929bd51bacb68c1
-
SHA256
6bc87d562d2667c71015dde859770f7ef5f0e10bc8b4c0291433ff806b4023aa
-
SHA512
e2ed859f50de228f1a9c072271698694dd5b3efe872779e8bb02b3b8a9673d7d47753d80ab4c0cbf9d6c5c4d8660f026c46957c30e7692c99a7c7d6786a76de3
-
SSDEEP
12288:QaFiKXKRVmzBZBAhAYyCFsgZuF3WB1iaf8wshOkp:lLKjmBghtFsIOWBJEw8p
Score
5/10
Malware Config
Signatures
-
Document created with cracked Office version 1 IoCs
Office document contains Grizli777 string known to be caused by using a cracked version of the software.
Processes:
resource yara_rule sample grizli777_cracked_office
Files
-
Quotation.xls.xls windows office2003