General
- Target: Product-List.docx.doc
- Size: 35KB
- Sample: 230726-fn6hjahc48
- MD5: 1882861692ac02f14f37709ffabccfb4
- SHA1: 89ee2733e76117003ccbebe4d67a5665e93889d6
- SHA256: 17cc77dc779d4556755a6ca45a26565eb7c3efbeff7d973b9aeb9d167ebfe27f
- SHA512: 3f57f7b07b4b0580985194f2cb00e832558eacfde13abcabadc03b705b481b54d0b3fbb3af9880a1041dae50c067876bb551fba71508b7ea08d93517ae1c873e
- SSDEEP: 768:7IIS5f4ZyQlF4ADtIgglgUSDr4O685fiAB7368R04p53fiA74O61fiACW4O6Hvnf:7TY020tIRWr4gK6d04LKe4vKxW4tf
Static task: static1
Behavioral task: behavioral1
- Sample: Product-List.docx
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: Product-List.docx
- Resource: win10v2004-20230703-en
Malware Config
Extracted
darkcloud
- email_from
- email_to
Targets
- Target: Product-List.docx.doc
- Blocklisted process makes network request
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext