General
-
Target
Invoice and Packing List.docx
-
Size
10KB
-
Sample
230404-qzhwqahb8v
-
MD5
77366ba07edd55058c59d80acc56d2f8
-
SHA1
d9f2a22cb7e55bcc38967de8f1802934af77209b
-
SHA256
91e84268a13b1d03dbf602c0ae560f7c883a6aff8ed7cef2f706f2197ab3caec
-
SHA512
bf0590b2cc1d50866995ed27413c15f71adec7778078ff8037e4eb995038bedc9cbc7b0a4ff3ae3359a2bc74747265d43b448c458a7d9cf4037b94491ab9eccb
-
SSDEEP
192:ScIMmtPGT7G/bIwXOVOQTi55SEzBC4vNq6sM63j8p:SPXuT+xXOVOQWnhlqHjw
Static task
static1
Behavioral task
behavioral1
Sample
Invoice and Packing List.docx
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Invoice and Packing List.docx
Resource
win10v2004-20230220-en
Malware Config
Extracted
http://00000000000OOOOOLLLLLLLL000000000000LLLLLLLOOOOO00000000000LLLLLLLOOOOO0000000000LLLLL00000000000OOOLLLLLLL@3221468051/x....xx.......doc
Extracted
formbook
4.1
ne28
Targets
-
-
Target
Invoice and Packing List.docx
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Abuses OpenXML format to download file from external location
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-