Behavioral task
behavioral1
Sample
EFB5D3FD0CA7FB5BA1A1E7E88B8492B0D43A4E121326B03B7851CDF1D0730EC7.xls
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
EFB5D3FD0CA7FB5BA1A1E7E88B8492B0D43A4E121326B03B7851CDF1D0730EC7.xls
Resource
win10v2004-20230220-en
General
-
Target
EFB5D3FD0CA7FB5BA1A1E7E88B8492B0D43A4E121326B03B7851CDF1D0730EC7
-
Size
1019KB
-
MD5
904198ed96ec4ce6d011c037a2713fe4
-
SHA1
f025a41592eace75cff3d67c1c090dfcdbe2fd9b
-
SHA256
efb5d3fd0ca7fb5ba1a1e7e88b8492b0d43a4e121326b03b7851cdf1d0730ec7
-
SHA512
47aed404192373e26cf89bd80f5182caf9d58fb28f5788f61b99de8224d9afe0e551315f7f4eac5eca0341e50834a6616d536d05af965243c441f153046d5d77
-
SSDEEP
24576:2Fe4LFRBXm6FeD5hqLbm61CeEVG06M1/DRXXXXXXXXXXXXUrXXXXXXXXXXXXXtXY:WFp+Y1kZ6Mv
Malware Config
Signatures
-
Document created with cracked Office version 1 IoCs
Office document contains Grizli777 string known to be caused by using a cracked version of the software.
Processes:
resource yara_rule sample grizli777_cracked_office
Files
-
EFB5D3FD0CA7FB5BA1A1E7E88B8492B0D43A4E121326B03B7851CDF1D0730EC7.xls windows office2003