Overview

overview

8

Static

static

8

How-To-Ins...in.pdf

windows7-x64

1

How-To-Ins...in.pdf

windows10-1703-x64

1

How-To-Ins...in.pdf

windows10-2004-x64

1

TreePlan-E...11.xls

windows7-x64

1

TreePlan-E...11.xls

windows10-1703-x64

1

TreePlan-E...11.xls

windows10-2004-x64

1

TreePlan-E...10.xls

windows7-x64

1

TreePlan-E...10.xls

windows10-1703-x64

1

TreePlan-E...10.xls

windows10-2004-x64

1

TreePlan-G...79.pdf

windows7-x64

1

TreePlan-G...79.pdf

windows10-1703-x64

1

TreePlan-G...79.pdf

windows10-2004-x64

1

TreePlan-S...in.xls

windows7-x64

1

TreePlan-S...in.xls

windows10-1703-x64

1

TreePlan-S...in.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TreePlan-Student-179-Files.zip.7z

  • Size

    1009KB

  • MD5

    5e83305b6bf803fbf14908004d4957dd

  • SHA1

    cb52636c10a592b942d0847d4267d90c6696da2a

  • SHA256

    0a9a1e88137e6ac94b757c5d99c802ea22e4cf9e570af82598808f22df3479f2

  • SHA512

    60e55599a43cbe95ac60bf970dc3d19789a903f3c6f823c6eca3cabb3d78537f611d63e1f6452cf6f5570e08d08ec275e90af5626260bbfb59e98b5703e28328

  • SSDEEP

    24576:ExllVL+b4WzGCxDkI8npIGpoKUbhtv68JDtB1J0jidYmBZlNq:6vVYtCuklIGpoK8htvBTkj+bb

Score
8/10
pdflinkmacroxlm

Malware Config

Signatures

  • Suspicious Office macro 1 IoCs

    Office document equipped with 4.0 macros.

    macroxlm
  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

    pdflink

Files

  • TreePlan-Student-179-Files.zip.7z
    .7z

    Password: infected

  • TreePlan-Student-179-Files.zip
    .zip
  • How-To-Install-Addin.pdf
    .pdf

    • http://SensItSetupStandard145.zip

  • TreePlan-Example-179-Mac-2011.xls
    .xls windows office2003
  • TreePlan-Example-179-Win-2010.xls
    .xls windows office2003
  • TreePlan-Guide-179.pdf
    .pdf
  • TreePlan-Student-179-Addin.xla
    .xls .xla windows office2003

    ThisWorkbook

    Sheet1

    Module1Menu

    Module2Select

    Module3Shape

    Module0

    Module4Formulas