imp fplders - Copy[.]rar

Resubmissions

29/01/2024, 08:55

240129-kvg6qsffdr 10

Sharing

Copy URL Twitter E-mail

General

Target

imp fplders - Copy.rar
Size

3.6MB
MD5

b1f07bcb42aade13d7419cf34972f204
SHA1

1f0bc15ad789b05c24b6f25fc7d5536e5590e323
SHA256

59924ce465496f03066c57699b294ba149fde21cc2727e8c1caf97151dad89f3
SHA512

eddf80b8d65caddc8718cd034be6831d1bd843640a480c7950cd8fe3c9685308556ade29ae1cbbfaa389162652baa1a425449a838d823b0ace356231e29a35f2
SSDEEP

98304:Jooch8iruH4un0CjfxdJNkwDsUzlodV8GwcKNU7:JoxWivunjNPpzlor8q

Score

8^/10

macro

Malware Config

Signatures

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

resource
static1/unpack001/imp fplders - Copy/MSL MANAGEMENT STOCK OUT,IN BOTH.2024/MSL Outward & Gatepass 4.0.xlsm

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/imp fplders - Copy/POSIFLEX WORKING FAULTY DETAILS 2023/POSIFLEX WORKING FAULTY DETAILS 2023.exe	autoit_exe
static1/unpack001/imp fplders - Copy/mac code fru and spare/mac code fru and spare.exe	autoit_exe

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/imp fplders - Copy/POSIFLEX WORKING FAULTY DETAILS 2023/POSIFLEX WORKING FAULTY DETAILS 2023.exe
unpack001/imp fplders - Copy/mac code fru and spare/mac code fru and spare.exe

Files

imp fplders - Copy.rar
.rar
imp fplders - Copy/GET PASS NEW FOLDER/GET PASS TNB7 3.docx
.docx office2007
imp fplders - Copy/GET PASS NEW FOLDER/GET PASS-93.docx
.docx office2007
imp fplders - Copy/GET PASS NEW FOLDER/GET PASS-94.docx
.docx office2007
imp fplders - Copy/GET PASS-93.docx
.docx office2007
imp fplders - Copy/MSL MANAGEMENT STOCK OUT,IN BOTH.2024/MSL Outward & Gatepass 4.0.xlsm
.xlsm office2007

ThisWorkbook

sheet3

Sheet7

Sheet4

Gatepass

Sheet2

Module6

Sheet1

Sheet5

Sheet6
imp fplders - Copy/MSL MANAGEMENT STOCK OUT,IN BOTH.2024/Stock Management 3.0.xlsm
.xlsm office2007

ThisWorkbook

Sheet1

Sheet2

frmForm

Module1

Sheet3

Sheet51

Sheet5

Sheet6

Module2

Sheet10

Sheet11

Sheet9

Sheet8

Sheet4
imp fplders - Copy/PI REPORTS 2024/CMSL PI REPORTS 02 January 2024 - - Copy.xlsx
.xlsx office2007
imp fplders - Copy/POSIFLEX WORKING FAULTY DETAILS 2023/FAULTY POSIFLEX MATERAILS DETAILS AUG 2023 .xlsx
.xlsx office2007
imp fplders - Copy/POSIFLEX WORKING FAULTY DETAILS 2023/POSIFLEX WORKING FAULTY DETAILS 2023.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 495KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ordata
Size: 128KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
imp fplders - Copy/POSIFLEX WORKING FAULTY DETAILS 2023/Posiflex Open PO for FY 23-24.xlsx
.xlsx office2007
imp fplders - Copy/POSIFLEX WORKING FAULTY DETAILS 2023/posiflex working stock 2023.xlsx
.xlsx office2007
imp fplders - Copy/Raipur_CMSL_Daily_Report Raipur -19 DECEMBER 2023.xlsx
.xlsx office2007
imp fplders - Copy/TVSL TRANSACTION DATA NEW 2023 .xlsx
.xlsx office2007
imp fplders - Copy/VENDOR MAIL DETAILS .xlsx
.xlsx office2007
imp fplders - Copy/cntral data new call formate hp sm/New Call Format.. NOVEMBER 2023 - .xlsx
.xlsx office2007
imp fplders - Copy/jio point stock .xlsx
.xlsx office2007
imp fplders - Copy/mac code fru and spare/SAP416_FRU.xlsx
.xlsx office2007
imp fplders - Copy/mac code fru and spare/SAP417-SPARE.xlsx
.xlsx office2007
imp fplders - Copy/mac code fru and spare/mac code fru and spare.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 495KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ordata
Size: 128KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
imp fplders - Copy/mat code dont use/MSL DATA 2023.xlsx
.xlsx office2007
imp fplders - Copy/surya sir data/IT Asset MSL Stock details-NA61&S033 28-Dec-23.xlsx
.xlsx office2007

Resubmissions

Sharing

General

Malware Config

Signatures

Files

ThisWorkbook

sheet3

Sheet7

Sheet4

Gatepass

Sheet2

Module6

Sheet1

Sheet5

Sheet6

ThisWorkbook

Sheet1

Sheet2

frmForm

Module1

Sheet3

Sheet51

Sheet5

Sheet6

Module2

Sheet10

Sheet11

Sheet9

Sheet8

Sheet4

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 495KB - Virtual size: 495KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 11KB - Virtual size: 90KB

.rsrc Size: 90KB - Virtual size: 89KB

.ordata Size: 128KB - Virtual size: 148KB