Resubmissions
General
-
Target
macro-docs-2024-5-22.zip
-
Size
866KB
-
Sample
240525-ad3e8sfg4v
-
MD5
ec215cee96db0f37817fb75d6085dcbc
-
SHA1
46fd33bb6e137d33b7ee507ce63126257020bbe2
-
SHA256
fa693c2c4da1b0e6cda555af16e6b3abbe3333ccc1de2582bc2ba95467d026de
-
SHA512
b71ecdd51f615fd05acdf05d86096fd5f730ac8aa974de6e640a1270fea0fb144e9b6b778cbb85e03fa2cabb43a0bcf1548e5342ea7d2cc20e806c8d0b3931c4
-
SSDEEP
12288:Fa2YCriXCJeijA21jYjc+ZHqow5Y0M+hlNK/TBrZfKiaxAclXQfPhYmhhvPiHn8c:Fanzijh63OYjKNKvKB1lXMPhbnGF
Malware Config
Targets
-
-
Target
macro-docs/Secret Lair Blueprint.doc
-
Size
34KB
-
MD5
f65f9fcc1f3cc7f941f5712ae8d5e628
-
SHA1
51213cdecb7f06022af4d03b0a54f7e2dcb6bde5
-
SHA256
e25318dd73c4e483519ac99bcfbf5e66aa5026b601ebe0520e7cb5e0053353d0
-
SHA512
fb6c0f2b731d25b7ed23a21469ad178e058fc3e2b39865cb73b0b6da33c93886bf8dc6a9e40e21044e64e46085eda2ac7ca95006f758f1a74063bcdba2fa8bbd
-
SSDEEP
384:tDhX1q1iSJPw+QD1OujNzCx9ZKBHy50jH5t:5hX1p+kDNWZ
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
-
-
Target
macro-docs/Secret Lair Blueprint.xls
-
Size
34KB
-
MD5
6295f74f09ae1764d973e65edd472c96
-
SHA1
4904a15f512f5616243710577813222b3b5030f5
-
SHA256
2f939020c6cf59299aeb299ed20136211ce22f31c996a39f5d3e5a809398e926
-
SHA512
0349e52ff7124dec9fbf4196f0f20807a43de3ac28ecfe048a2cadbeef2148f530534006a78f101c7471f41ab2c94999a123b0431f5cbacdb40e63e7033ff711
-
SSDEEP
768:JdeSFsv66g3KnF439NKC54kkGfn+cL2XdA83wY3/6wL6mci:JoSFsv66g3KnF439NKC54kkGfn+cL2X3
Score1/10 -
-
-
Target
macro-docs/Secret Society Membership Dues.xls
-
Size
34KB
-
MD5
33e35497c65b331b10f01bdaeb058585
-
SHA1
ab32c4207ceb492a2c282360bf17e99bbd875b2c
-
SHA256
89654d5b8b4d071c4c5a1761666438f2d577ba9fe63e4d7b857aa9c02a76c355
-
SHA512
91908e5de4b2c28c727a1bc4c4f5f741da2d8bab04d26356658d94859909159604dfcc621b655956d691828251ac010a23b17926e31fbbb7d56e109be20b79a2
-
SSDEEP
768:0/kSFsv66g3KnF439NKC54kkGfn+cL2XdA8NwxU6mW6mci:5SFsv66g3KnF439NKC54kkGfn+cL2XdS
Score1/10 -
-
-
Target
macro-docs/Sorcery R&D Budget.xls
-
Size
29KB
-
MD5
25b8e1756822865677819b2c5df2e1ae
-
SHA1
4d43b02db0088eede6365070c3337a4a7b8377a0
-
SHA256
88abc0762b3e332e511b70ea6abb6955c808341871d180e6eacd1bb5aef6fc3d
-
SHA512
5e16dd0150f85d82fb9cb84255e4e7a8f2a8141624a254caa128495bb86af8438c7e5b32423d28e66739f5857b056438e2eca4e86876e92af9b8b084754b95ed
-
SSDEEP
768:XxwSFsv66g3KnF439NKC54kkGfn+cL2XdA83w8Tsu:qSFsv66g3KnF439NKC54kkGfn+cL2XdV
Score1/10 -
-
-
Target
macro-docs/Space Pirate Code of Conduct.doc
-
Size
35KB
-
MD5
68d4f76f21989ad5f436524797d20d0f
-
SHA1
2ed571d9d60392c9b68c879afcf55de10647e5d4
-
SHA256
4366e13f17143f0481f157c35ae2b827da3a7a4f4987afedea9a6f1aff228491
-
SHA512
61752bbf188fed4334e4158966d3cfe19e879cd3eaa226728ad4df597b50957a46810baba290c5ea2332b7c6fb7e82997eb67be41ddd4a92cd284dfff95ecac3
-
SSDEEP
384:V7hYB59zViSJPw+QD1p7850jWDtXDyGK:Nh8S+keJr
Score6/10-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
-
-
Target
macro-docs/Space Pirate Code of Conduct.xls
-
Size
34KB
-
MD5
22eddfb2ef7840d63fe049b70226e957
-
SHA1
f92b4fb84e7a164b27b65e2eff390fd1015f9cbe
-
SHA256
3f1564a4ea3e098805802d53cf6b43b97e5f8b0d1442f68adba9eea8bcf5da04
-
SHA512
590033896dcadc11394d0517f9c49d7621239098e15bd78d122970e9838c86ccf93894bdfecafbffb51f91a35c743b2ac7f234cb763fafb60d9ef291789ab0c6
-
SSDEEP
768:dYeSFsv66g3KnF439NKC54kkGfn+cL2XdA81FEwghZmE6mci:dTSFsv66g3KnF439NKC54kkGfn+cL2Xi
Score1/10 -
-
-
Target
macro-docs/Superhero Identity Database.doc
-
Size
32KB
-
MD5
6bf6f096db4db9b46aea41f8b31d8ab8
-
SHA1
3624c1841b665ffaead8425809b328ce2aeb8124
-
SHA256
9c266ec6609ab0697291cad2a105b5a4f2aab30254831cf31e33db0625169797
-
SHA512
d6305067468aab0f62a0aea6576155e2ec09301b819d06729162b7542a14ea38fb3f36adc83f8e3ef8981394e30a59a927a00690b6c4c17c9c88a04ee56ae8ce
-
SSDEEP
384:JU7jlG33GiSJPw+QD14gq60Wm3sJp50jAst5axT:W7e+kVYwj
Score1/10 -
-
-
Target
macro-docs/Superhero Identity Management.doc
-
Size
34KB
-
MD5
accae0350105e7ac02bf3b3e1df21c07
-
SHA1
20470ac822402896db8f228f6e1e57d92e18edda
-
SHA256
4be60000988af6572f89f2270c328a83e5ae3e247152c177a1f5d35f15f81955
-
SHA512
4a9519d3e963f0c22b53a7fbbc9c248efa67e2bcb2fb44bf4ba9b33d1a0e1cd32d18bf6b81dccceb37d87f7043a4b5138ac87fd334642bccb197a40c71573d5a
-
SSDEEP
384:TV9ta6iSJPw+QD1QHOxAzbb1BkF50jaet:J9++k9Ae
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Powershell Invoke Web Request.
-
Drops file in System32 directory
-
-
-
Target
macro-docs/Superhero Identity Management.xls
-
Size
34KB
-
MD5
dbf6a16eabcb23cae8f656600bec3af8
-
SHA1
932d7fedde24c33e7a92459cdcf3376f042e82f3
-
SHA256
910ad0c2948cd81e3ec65f1f1f6d2647af2d14f2fc15c4a56621ea52ca5ee748
-
SHA512
e7dd302c8b247eff3f193aeecc017e09a3e45e700f7808fb6fcc86f08b95550eb4a7f637abb747451203fc844d2858e8cd3e3ee2c85377a10af5eee1722baed6
-
SSDEEP
768:veSFsv66g3KnF439NKC54kkGfn+cL2XdA85wAeBHJ6mciHS:2SFsv66g3KnF439NKC54kkGfn+cL2Xdf
Score1/10 -
-
-
Target
macro-docs/Teleportation Device User Manual.doc
-
Size
32KB
-
MD5
86381cda4379a40dadbb248062f1c5c5
-
SHA1
3792887344d2bfba17c8f3f14c4a31a5ecf4017e
-
SHA256
1f7f96a924ef9950e22d636bc004ad62357eb91ccd050c5ac04ce00755b20835
-
SHA512
8bacbbb494a4b0c835ced703dead33312cc271ea61d4da748a8e37d0b82d96084fe0dd6716a4c418e4084991a21b8b50aab2a7f09b114a769b2d8fabe19e4aec
-
SSDEEP
384:SztTvZxiSJPw+QD1x2PtPQUWnB50jDstKw:QlQ+kYlcb
Score4/10 -
-
-
Target
macro-docs/Time Travel Experiment Results.xls
-
Size
29KB
-
MD5
7cdffa4b3542265ea78b18bc69c4409d
-
SHA1
5fb0cbf5bdb2d1eab86c5fe7aa11977bd2025370
-
SHA256
5603b40bd0bc7f69dece29f9a1d88b06898b222f04a2ae66ffbb391e430282aa
-
SHA512
78f7934ef3a2d28eefdd8be546b95206d50ffff091f9500b156332efb9161d19bd0855c4de74cfce55853048ba9c5dc30d3996af35d963bbbfdff4018255a54b
-
SSDEEP
768:ODwSFsv66g3KnF439NKC54kkGfn+cL2XdA8DwT1su38:1SFsv66g3KnF439NKC54kkGfn+cL2Xdo
Score1/10 -
-
-
Target
macro-docs/Top Secret - Dinosaur Cloning Progress.doc
-
Size
32KB
-
MD5
67372c5db2e44f18f80b00de7eaea7d2
-
SHA1
eb2bbe4d8d195cd40ae3552ebbc321b750c4cc29
-
SHA256
7edb413a29de2d7909453e1d354faf4249e4787bc8f5405089d15a057db6da3d
-
SHA512
42d74b90b54b0f9c0d53645a9fa531e5c321786e4719a585c90185bb9ec5855e70ed41e51df5f602b62e69c02d1a96e863c07dce3acd8936080ef32d8b3f18c3
-
SSDEEP
384:4SyAjgMfiSJPw+QD1rFM5JcekS50jpstH7+:XyA8+kh4Tv/
Score4/10 -
-
-
Target
macro-docs/UFO Abduction Expense Report.doc
-
Size
32KB
-
MD5
28339b89921f268fda506e426ae4204e
-
SHA1
93f07829d30d466ea7bd844028892ac294763d34
-
SHA256
eb56583140848441a045bbbfda89cfe0b251ca78e1205793208d533c67e717c8
-
SHA512
ec9413c92a5bf1f0cd813d48b10f92c8c2755c91f339093d0fd922a2f0ce8f700d4b87c0b373ab127c97b5995c92d78f3311468a2086279685fe14ded879f895
-
SSDEEP
384:5wl8XAiSJPw+QD1IPucv++kCY50jXstOa:6l83+k+rXy
Score4/10 -
-
-
Target
macro-docs/Unicorn Adoption Guide.doc
-
Size
34KB
-
MD5
ccf3536e144c5f5ef27bd9a02fd4d8c8
-
SHA1
1d9731c2dd75aba7f4997d581f86c1bd3616620d
-
SHA256
2bfe41f302582423492cd162bcb52f9d8ef1adf638e02d09d6f6dfa057a3c867
-
SHA512
0d3fbd73108ce49d9192c7dda06f9902e0a7c51b20be4d9e1d120500a165b5788ec2474c953549917328ced59b3167cc8e2d1bf5cd876b9898b1aeb0dbb9962b
-
SSDEEP
384:aaz1dmLiSJPw+QD1E5jAYz+9BHX50jB5tBk:t1+kNYS
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Powershell Invoke Web Request.
-
Drops file in System32 directory
-
-
-
Target
macro-docs/Unicorn Adoption Guide.xls
-
Size
34KB
-
MD5
acbdf014b589d0a34c3fac65e146f08b
-
SHA1
426fcb0a1f05bdd25215a18886990362272100da
-
SHA256
91b785ad5c3f3042e787d3f4f14c7cc8de23571ef87f515738637e9a041be2b9
-
SHA512
82e9e691587b84aeff21c022f38c7226858387d43a60d3f814888b6311c4fbc55705beb1eaeb0cacd928b4ad51e4a460591a34329791459a31f6dee174aa4b6f
-
SSDEEP
768:jeSFsv66g3KnF439NKC54kkGfn+cL2XdA8Zkw0OCZr/qjfJd6mci:ySFsv66g3KnF439NKC54kkGfn+cL2Xdj
Score1/10 -
-
-
Target
macro-docs/Unicorn Population Census.doc
-
Size
32KB
-
MD5
e59a16ba652e810cf09ea1e1cc3e1711
-
SHA1
e136f3bb3ad93f2ff49f8712aefca3ade5c354f6
-
SHA256
3dcdaeb83e0dd75263b8206e15ba60c1848c3c9ccf0ead21933ade48ff96ebb8
-
SHA512
e45bf06d2ce507cec3c364e8575d0ac478473486bd38508db96046a3e47cb474aa71ea8aa4f49c3d35bbdb9194d735b45a85c93b3b96cdf276567b0f2dad1dbe
-
SSDEEP
192:PpQLcjHF6wZEvAqADsu6/6rJ984woO+QHj1qqadLeubE3gGsD49+kCg50jM/stfO:Pp7FiSJPw+QD1qqwbVw+kCg50jEstXM
Score4/10 -