Overview
overview
10Static
static
3Office_201...ll.exe
windows10-2004-x64
10Office_201...te.exe
windows10-2004-x64
7Office_201...re.xml
windows10-2004-x64
1Office_201...ll.xml
windows10-2004-x64
1Office_201...pp.exe
windows10-2004-x64
1Office_201...00.dll
windows10-2004-x64
1Office_201...pp.exe
windows10-2004-x64
1Office_201...00.dll
windows10-2004-x64
3Analysis
-
max time kernel
0s -
max time network
2s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
07-04-2024 19:50
Static task
static1
Behavioral task
behavioral1
Sample
Office_2013-2024_C2R_Install/OInstall.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
Office_2013-2024_C2R_Install/activate.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
Office_2013-2024_C2R_Install/files/Configure.xml
Resource
win10v2004-20240319-en
Behavioral task
behavioral4
Sample
Office_2013-2024_C2R_Install/files/Uninstall.xml
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
Office_2013-2024_C2R_Install/files/x64/cleanospp.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral6
Sample
Office_2013-2024_C2R_Install/files/x64/msvcr100.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
Office_2013-2024_C2R_Install/files/x86/cleanospp.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral8
Sample
Office_2013-2024_C2R_Install/files/x86/msvcr100.dll
Resource
win10v2004-20240226-en
General
-
Target
Office_2013-2024_C2R_Install/files/Uninstall.xml
-
Size
59B
-
MD5
364f86f97324ea82fe0d142cd01cf6dd
-
SHA1
fc2a45da2ede0c018ab8e46044e6a25765c27d99
-
SHA256
09d5b42140bab13165ba97fbd0e77792304c3c93555be02c3dce21a7a69c66dd
-
SHA512
9b0a0944535e25c944e01bed1674efff119505292b176287c0dad3db70ffc4244cff21cccfd1fd94b09dd6d5f84221930b66b210101e482cc4bb5df3311a5fdf
Malware Config
Signatures
Processes
-
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Office_2013-2024_C2R_Install\files\Uninstall.xml"1⤵PID:3944