General
Target: USX16,082.10XSwift.docx.doc
Size: 10KB
Sample: 230221-qf3f1seh32
MD5: 6735d0c45ca69ea598bda6fdd9c2cc62
SHA1: 7ef80d7b65e5c30517f1b5c8f7e1be00bfa6f461
SHA256: e4dc9cb9964c7f525c257d9a56c3e2f0774d14b0ae9f2df7b49ae1293016d6e1
SHA512: 82820b67b03916b488713cb9b5cbf7f5e96ca1f8e521d565f8dd075ea96eca13d8f378cccc13cc1e5b80f424e69cdac428b73a126f9a65f37fcce175b75b0ea6
SSDEEP: 192:ScIMmtP0xfUW70vG/b3kgOi4OU7us+1pReDnc37f0F:SPX+si10ni4OIyeDnMr8
Static task: static1
Behavioral task: behavioral1
Sample: USX16,082.10XSwift.docx
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: USX16,082.10XSwift.docx
Resource: win10v2004-20230220-en
Malware Config
Extracted
http://WEEEERRRRRRRRRRRPPPOOOOSSSSSSSOOOOOPPWEEEEEEEOOOOOOOCCVVVVVVVVOVVVVVVVVVVVVVVVVOOOOOO@392074340/O-OO.DOC
Targets
Target: USX16,082.10XSwift.docx.doc
Score: 8/10
Blocklisted process makes network request
Downloads MZ/PE file
Abuses OpenXML format to download file from external location
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Drops file in System32 directory