Static task
static1
Behavioral task
behavioral1
Sample
001_080524_321342344doc.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
001_080524_321342344doc.exe
Resource
win10v2004-20240426-en
General
-
Target
32cd55a9c9406d2b51abf59245ca85fd.bin
-
Size
677KB
-
MD5
e597daf9313827ca4edf0ef56247404e
-
SHA1
47af7c9d68160294ee4b2fd6376506c7bb47774c
-
SHA256
587608b7deabc32752d7025c00be16e7e548a3d0504f29c00194baddf84aaae3
-
SHA512
22a1d46b603b3ceceb20dff02634cd960de4cabb5d4e4df30b55212d961ccfa5fdff80aaf6d7cf707929f77b2abdfbeec61b85e7ff5fb1a86ffc62ef834eea28
-
SSDEEP
12288:s5qxes8fUPney1gk7rcoZsGpK+kor8NXOhS6huvfLvPDnm7m92XLC4z/gv/xzINn:s5nl+ik7Y8xp+NX6h6fDi7tXLC4zov/o
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack002/001_080524_321342344doc.exe
Files
-
32cd55a9c9406d2b51abf59245ca85fd.bin.zip
Password: infected
-
648d3143e38f628bcc0103c802fb3b78db5a724198deb053e6fae1e4efadb722.z.rar
Password: infected
-
001_080524_321342344doc.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ