Behavioral task
behavioral1
Sample
0562a2df06412fc0038afca2d27c4b1428681a518015cd2fd823df9b55db21f9.pps
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
0562a2df06412fc0038afca2d27c4b1428681a518015cd2fd823df9b55db21f9.pps
Resource
win10v2004-20230220-en
General
-
Target
694b37ca1d29f2eedb4d408834c885e7.bin
-
Size
30KB
-
MD5
44b9c30f314a3f9f93383e4fc0017559
-
SHA1
d8c5f063b34d5dc8eefe922c8ba4fa47a1fe4420
-
SHA256
168e4c0d84ec95ff4aa2e5867342f751a8633fa65529326e27f64302b0a855d1
-
SHA512
5b244d0eae94a278ef20a6f09dc246b32ae81cb2b165cd328679e8abb7910e0e5f9ce87c5dfaff26ce9b86971c0526a849e7a5d328d3eff5c51beb6a23d917bb
-
SSDEEP
768:H/aF8zBIEBnftwVWA37u1dV07kEbvER34PZkgp:H/aF0dFwTqTVihb8pkZkg
Malware Config
Signatures
-
Office macro that triggers on suspicious action 1 IoCs
Office document macro which triggers in special circumstances - often malicious.
Processes:
resource yara_rule static1/unpack001/0562a2df06412fc0038afca2d27c4b1428681a518015cd2fd823df9b55db21f9.ppt office_macro_on_action
Files
-
694b37ca1d29f2eedb4d408834c885e7.bin.zip
Password: infected
-
0562a2df06412fc0038afca2d27c4b1428681a518015cd2fd823df9b55db21f9.ppt.pps .ppt windows office2003