PO[.]zip | Triage

Sharing

General

Target

PO.zip
Size

665KB
MD5

3ac03c3b8c9efb4b8ae79198a1626bd4
SHA1

d9fb10fc0126e99d3c6d0ad48b11219fca6e5e21
SHA256

949d794a8e3902bb7dc8c94046bbf4dbfc2fa1766325cd9a398263241cc35789
SHA512

56f1f8b02e1c4fe3ce08fb9ab606c20c855eb1acad1a271c2223c37ed2c7124084d95600ef56a9b2efc6e2a039800a9d58e21d6887da929a43523bea91c775df
SSDEEP

3072:2IFb4Wmkqke+cEeqH9vH+i2s1Vj8JxuLVpMs75XLKZvX:2Oykqk6Lw+i2s1Vjkxuxp/QvX

Score

8^/10

macro macro_on_action

Malware Config

Signatures

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

Processes:

resource	yara_rule
static1/unpack001/PO.doc	office_macro_on_action

Suspicious Office macro 1 IoCs
Office document equipped with macros.
macro

Processes:

resource

static1/unpack001/PO.doc

Files

PO.zip
.zip
PO.doc
.doc windows office2003

ThisDocument

Module1