Behavioral task
behavioral1
Sample
28876a11ade2b3fd8159f6b24b0508305eaedea70919893103b806784c271473.doc
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
28876a11ade2b3fd8159f6b24b0508305eaedea70919893103b806784c271473.doc
Resource
win10v2004-20230220-en
General
-
Target
28876a11ade2b3fd8159f6b24b0508305eaedea70919893103b806784c271473.doc.zip
-
Size
163KB
-
MD5
ae45e8894a929683ca1b048c61099728
-
SHA1
666615fba529b3143a4dcf59f494f5598f37810b
-
SHA256
f01fa5992e33212148b2b57b7a027066e183edaca8e6c2bb031824766fcafdf5
-
SHA512
e6cfe8824481286137fce10d0aafc3c2c09e99404d8464cf775f97df199be894f79ba2371b1be4a69d854a11d75d9dfd5899aae95a5f4af93fc1182e8957e36d
-
SSDEEP
3072:Hn48Kle9DFhVuva/TKpSbNSC7MHeRQPi/rnusHVxuRzqoacZknBHsuaDZV2rxhmC:Hn48aejTuva/TK0bzgHeiPkH/uRzFdZU
Malware Config
Signatures
-
Office macro that triggers on suspicious action 1 IoCs
Office document macro which triggers in special circumstances - often malicious.
Processes:
resource yara_rule static1/unpack001/28876a11ade2b3fd8159f6b24b0508305eaedea70919893103b806784c271473.doc office_macro_on_action -
Processes:
resource static1/unpack001/28876a11ade2b3fd8159f6b24b0508305eaedea70919893103b806784c271473.doc
Files
-
28876a11ade2b3fd8159f6b24b0508305eaedea70919893103b806784c271473.doc.zip.zip
Password: infected
-
28876a11ade2b3fd8159f6b24b0508305eaedea70919893103b806784c271473.doc.doc windows office2003
luLjEkMGApw
BjTKNwTCQwizji
jApvZnashGPFjR