General

  • Target

    Quarantined Messages.zip

  • Size

    50KB

  • MD5

    7120fc8c0fccc74334d47ab7256951e1

  • SHA1

    9a120a7db646f70e79bf1f4a19b82a797ff84747

  • SHA256

    90c226cd34c895e1ca8b74b47c89de1fd6863d51d19c513135018f6c23ecf8a9

  • SHA512

    fd2bd4faff2a53f9384d0a516d07789bb677500173c10895da8c0474be0c3a5adb39494f9824bed19ab86348ce20e1bc6c7034342fd0d3630a6b2a317c6873fc

  • SSDEEP

    768:v7XvyW7d1IodUZjkCYUhsRcQVmxZ4tah0C00FDZJCnlGJHtBjbf:v7XxZiEUZjkssRHmZ4iwID7Cl8NBjbf

Malware Config

Signatures

  • Office macro that triggers on suspicious action (1 IoC)

    Office document macro which triggers in special circumstances - often malicious.

Files

  • Quarantined Messages.zip
    .zip

    Password: 123456

  • dee82ce1-552f-4530-8f19-08dbe51f6918/7223df26-aa99-10a1-85f1-3fc4c739d9ba.eml
    .eml

    Password: 123456

  • PROTOCOLE UTILISATION FRAGMENTAIRE 2023 MISRAKI.doc
    .doc windows office2003
  • email-html-2.txt
    .html
  • email-html-3.txt
    .html
  • email-plain-1.txt