General
Target: TT COPY.docx
Size: 10KB
Sample: 230418-pca2xsda5v
MD5: 203710bc0e0624b09b275728fbdcc851
SHA1: 03f2a721c42620e88db33bbdd648ac80cf62d61a
SHA256: 14ab213d36780ff40199bd6b4d7238e4027b5c961bdae32775d7d3a99b362aba
SHA512: fbcf224ca6aa4ce56d343b005ff88b0a72013c51324a44391fe3740c798c88002cf6267c1ea508abaac115559095c3a5076dbcdb7e3da8955167754cb40e5d97
SSDEEP: 192:ScIMmtPGT7G/bIwXOVON075SEzBC4vNq6sM63Ap:SPXuT+xXOVOkhlqH8
Static task: static1
Behavioral task: behavioral1
Sample: TT COPY.docx
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: TT COPY.docx
Resource: win10v2004-20230220-en
Malware Config
Extracted
http://%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%22IIOOOWOEOEOEOEOEOEOISISODOEOEOEOODOOOOOOWWOWOQQQOWOWOWOWOIIIDIIFIFIWOEOEOEOIFIDIFODFI@2901801939/e/%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23.doc
Targets
Target: TT COPY.docx
Score: 8/10
Blocklisted process makes network request
Downloads MZ/PE file
Abuses OpenXML format to download file from external location
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Drops file in System32 directory