Behavioral task
behavioral1
Sample
Message-5170127.doc
Resource
win7-20230220-en
windows7-x64
8 signatures
150 seconds
Behavioral task
behavioral2
Sample
Message-5170127.doc
Resource
win10v2004-20230220-en
windows10-2004-x64
12 signatures
150 seconds
General
-
Target
Message-5170127.zip
-
Size
720KB
-
MD5
a061be238a373c7470bcefbc431203f1
-
SHA1
358484af2b40609951e66634cbd3209f1f14d39d
-
SHA256
8ed606fe3b8a930e7a50f48b48329594a37baa3cde85fbb3fdc62991eb2a41e4
-
SHA512
69ec3f798958b94cc69e36ab21ce881672f87559465d8efbe49d4aa923c68929dd72e0bf53e6717ba94519528e74ed7b77b3b9b875da65186c700f5241f8dfdc
-
SSDEEP
6144:UwZnDlMy6O3qKmCRUe1B5uLqcHfVDNUV3nJGM+BTf:ntDlb6IqXCRUe1BTcH8VIM+Vf
Score
8/10
Malware Config
Signatures
-
Office macro that triggers on suspicious action 1 IoCs
Office document macro which triggers in special circumstances - often malicious.
Processes:
resource yara_rule static1/unpack001/Message-5170127.doc office_macro_on_action -
Processes:
resource static1/unpack001/Message-5170127.doc
Files
-
Message-5170127.zip.zip
-
Message-5170127.doc.doc windows office2003
ThisDocument
Module1