General

  • Target

    Officesample.zip

  • Size

    189.3MB

  • Sample

    240327-m5qa7saf97

  • MD5

    d0759f4cf37b8f2af1cdc1f9a3425c1b

  • SHA1

    73f461ac743f544ad3bfd9b72a86ea422b001011

  • SHA256

    1c42f2f3c5c890651be771c2d7a9e98818f76c4f5373f1568b959ea4be0ecd91

  • SHA512

    c23158614702737ccc988501ffcd634c30ed0c756a4f1af2509c1def69aedd53ab5560a846fcb2dbb63b1144eb91728e59f3baf7091cda3ee16618839eb62051

  • SSDEEP

    3145728:9Dl36cwr/gFvf1WemGSxnEYXnoyvtezXQAHlTw69CIaNXYa8FlCd7:yAhSxnE0oFk6lTwsCIoIaWw7

  • Score

    8/10

Malware Config

Targets

    • Target

      Office 2016 四合一精简版/!)安装.cmd

    • Size

      7KB

    • MD5

      1a72a64da5226d0cf0774556aa504035

    • SHA1

      b824ebfff3cda65562144daedcebbc18c69031dc

    • SHA256

      9a5c3c1e420fe447d8fe5571f5932873132282f3f79d38c9b84d87c54b7b74f5

    • SHA512

      af5255d9b6c88c7d2417b1bb56414cced73ef37f1f272f0941ce9cb6e50977c6ba1e4d5f23e5386c0bb58316ce36761b0fa181cd37386c706314c7084604f055

    • SSDEEP

      192:8lKu4uNQQdtDezftzjzBzerzatzqzoz8OUawwMzfj:8lKut7defdnZefadMmhJMv

    • Score

      8/10

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Loads dropped DLL

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

    • Target

      Office 2016 四合一精简版/ospp/7za.exe

    • Size

      626KB

    • MD5

      d49a49a5539668eae7cd2a336282e81e

    • SHA1

      b3b6bc6da9d5d91deacb29cbda2ceae97f483c7c

    • SHA256

      888fe6d40f75d823f2fa2a97edd0e23df53bd449daf1ec161cc0732ddf2cd6ca

    • SHA512

      b1fb668bbef17d3cc5025bdbab48fe86ecfe7dc2d88eed53a5bb8812ab1120f45bddcb1c04222103f93e935d43d08b1df43eff9e3ed0beeab612192abcb6d3e4

    • SSDEEP

      12288:nBvbmnP2juzUEhb1EUswJOVoq2QMIFnWrn/4qnOq9AK:nFmPnVblsUQCIorn/4qOq

    • Score

      1/10

    • Target

      Office 2016 四合一精简版/ospp/FR.exe

    • Size

      190KB

    • MD5

      6433e404f52d99784571146f5167c333

    • SHA1

      e340ebd1f97afc0ff01f93702eaecbd404141ebc

    • SHA256

      d320fa68736305a605b0b17747ac2002f42b09146cb302509805a974bc38b32f

    • SHA512

      57168e20518b1ef556b2e12e24d635a0df392728a4b3214be0192d3432846cd5942367b3e62c58a6f514974a69354049b7870c54432b5171faf6adb10e95a10f

    • SSDEEP

      3072:9pL6i8RXa+nCAQQhL+mgIlTLu/mi1Zy225k7YGxbICs20HnkW:9pL6bXpnpKulTqFglrGwBnk

    • Score

      7/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Office 2016 四合一精简版/ospp/OfficeKMS.bat

    • Size

      1KB

    • MD5

      9d597de5b51a1993d120e9786fe7ee75

    • SHA1

      14251ff3fe867b462bbfd33282fe96a7f4cc242e

    • SHA256

      3d49b12a45322b2b528a7d2d151c624f307cc8a7f299709bbd8c0631eed09867

    • SHA512

      f9fa989d66cec05c384634a3994a850148a409fb40af49cc248f6d3694c6361e3f917d2ab5adda5151ff4c8aeb830e8593162e4cbedc4c5c71f5ef80bf6e6f4c

    • Score

      1/10

    • Target

      Office 2016 四合一精简版/更多好玩的了解一下.png

    • Size

      72KB

    • MD5

      b3fad034fedb6b4acfa246a5f33b82b5

    • SHA1

      5f29f1d59e33b41d270955e5c6b56b70a70597a6

    • SHA256

      39522e0da24b5ad5544608054cdb04ccee9ace6076551e5ad0024335ae8b3d4c

    • SHA512

      cf7019e019a27eeb54c4c97e66ef79e5a60f5c784ec65d593c25de84ea3ad249ab342f74fcf742d534cfe72c3559b01853e8f0df2876ec81b0c0def4b110c59b

    • SSDEEP

      1536:6nlFK3zWu+cBeh8o6zfP2vhlIQ3NPgZAp5MkKaACaD64PLoYPITC0+CaSg:ojcBFFH25D4mKa9M6cOC0+jb

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks