General
-
Target
tragedy.docx
-
Size
20KB
-
MD5
1a8b1eac80b01e18d3af392e2090d089
-
SHA1
f94b0893ecdeb5587e82ba892d3139d07eedc85d
-
SHA256
2ae6b028f9020b4c7b456fb4f5bd7e8f57bf61b67abc1fca7031bfd458ce00ab
-
SHA512
dde13000fcf0543480ee6f802642d88786edaa71df93acee20bed304f7f9f9926023b68f65066b82b64275300313af73c5db306696f0dd2ac48c0354b93033fb
-
SSDEEP
384:NiSKjiLuOPsElZqJ+gNE7mBpwcdndg72aEkRmhudj/hv/qjwAMm:NgGSSn8J9NfBpwcdndo0up/ZYWm
Score
8/10
Malware Config
Signatures
-
Office macro that triggers on suspicious action 1 IoCs
Office document macro which triggers in special circumstances - often malicious.
resource yara_rule static1/unpack001/word/vbaProject.bin office_macro_on_action -
resource static1/unpack001/word/vbaProject.bin
Files
-
tragedy.docx.zip
-
_rels/.rels.xml
-
docProps/app.xml.xml
-
docProps/core.xml.xml
-
word/_rels/document.xml.rels.xml
-
word/_rels/vbaProject.bin.rels.xml
-
word/document.xml.xml
-
word/fontTable.xml.xml
-
word/settings.xml.xml
-
word/styles.xml.xml
-
word/theme/theme1.xml.xml
-
word/vbaData.xml.xml
-
word/vbaProject.bin.doc windows office2003
ThisDocument
NewMacros
-
word/webSettings.xml.xml