Overview
overview
10Static
static
8macro-docs...ps.xls
windows7-x64
1macro-docs...ps.xls
windows10-2004-x64
1macro-docs...al.doc
windows7-x64
4macro-docs...al.doc
windows10-2004-x64
1macro-docs...og.xls
windows7-x64
1macro-docs...og.xls
windows10-2004-x64
1macro-docs...rs.doc
windows7-x64
10macro-docs...rs.doc
windows10-2004-x64
10macro-docs...rs.xls
windows7-x64
1macro-docs...rs.xls
windows10-2004-x64
1macro-docs...gs.doc
windows7-x64
1macro-docs...gs.doc
windows10-2004-x64
1macro-docs...ns.xls
windows7-x64
1macro-docs...ns.xls
windows10-2004-x64
1macro-docs...es.xls
windows7-x64
1macro-docs...es.xls
windows10-2004-x64
1macro-docs...al.doc
windows7-x64
10macro-docs...al.doc
windows10-2004-x64
10macro-docs...al.xls
windows7-x64
1macro-docs...al.xls
windows10-2004-x64
1macro-docs...is.doc
windows7-x64
10macro-docs...is.doc
windows10-2004-x64
10macro-docs...en.doc
windows7-x64
1macro-docs...en.doc
windows10-2004-x64
1macro-docs...er.xls
windows7-x64
1macro-docs...er.xls
windows10-2004-x64
1macro-docs...ry.xls
windows7-x64
1macro-docs...ry.xls
windows10-2004-x64
1macro-docs...og.doc
windows7-x64
10macro-docs...og.doc
windows10-2004-x64
10macro-docs...og.xls
windows7-x64
1macro-docs...og.xls
windows10-2004-x64
1General
-
Target
macro-docs-2024-5-22.zip
-
Size
866KB
-
Sample
240525-amr1vsga51
-
MD5
ec215cee96db0f37817fb75d6085dcbc
-
SHA1
46fd33bb6e137d33b7ee507ce63126257020bbe2
-
SHA256
fa693c2c4da1b0e6cda555af16e6b3abbe3333ccc1de2582bc2ba95467d026de
-
SHA512
b71ecdd51f615fd05acdf05d86096fd5f730ac8aa974de6e640a1270fea0fb144e9b6b778cbb85e03fa2cabb43a0bcf1548e5342ea7d2cc20e806c8d0b3931c4
-
SSDEEP
12288:Fa2YCriXCJeijA21jYjc+ZHqow5Y0M+hlNK/TBrZfKiaxAclXQfPhYmhhvPiHn8c:Fanzijh63OYjKNKvKB1lXMPhbnGF
Behavioral task
behavioral1
Sample
macro-docs/Dragon Hoard Management Tips.xls
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
macro-docs/Dragon Hoard Management Tips.xls
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
macro-docs/Dragon Training Manual.doc
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
macro-docs/Dragon Training Manual.doc
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
macro-docs/Fairy Wing Collection Log.xls
Resource
win7-20240215-en
Behavioral task
behavioral6
Sample
macro-docs/Fairy Wing Collection Log.xls
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
macro-docs/Ghosthunting for Beginners.doc
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
macro-docs/Ghosthunting for Beginners.doc
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
macro-docs/Ghosthunting for Beginners.xls
Resource
win7-20240419-en
Behavioral task
behavioral10
Sample
macro-docs/Ghosthunting for Beginners.xls
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
macro-docs/Ghosts in the Office - Investigation Findings.doc
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
macro-docs/Ghosts in the Office - Investigation Findings.doc
Resource
win10v2004-20240426-en
Behavioral task
behavioral13
Sample
macro-docs/Goblin Gold Transactions.xls
Resource
win7-20231129-en
Behavioral task
behavioral14
Sample
macro-docs/Goblin Gold Transactions.xls
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
macro-docs/Haunted Mansion Occupancy Rates.xls
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
macro-docs/Haunted Mansion Occupancy Rates.xls
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
macro-docs/Hobbit Gardening Journal.doc
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
macro-docs/Hobbit Gardening Journal.doc
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
macro-docs/Hobbit Gardening Journal.xls
Resource
win7-20240508-en
Behavioral task
behavioral20
Sample
macro-docs/Hobbit Gardening Journal.xls
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
macro-docs/Hobbit Productivity Analysis.doc
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
macro-docs/Hobbit Productivity Analysis.doc
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
macro-docs/How to Tame Your Kraken.doc
Resource
win7-20240508-en
Behavioral task
behavioral24
Sample
macro-docs/How to Tame Your Kraken.doc
Resource
win10v2004-20240426-en
Behavioral task
behavioral25
Sample
macro-docs/Interstellar Trade Ledger.xls
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
macro-docs/Interstellar Trade Ledger.xls
Resource
win10v2004-20240426-en
Behavioral task
behavioral27
Sample
macro-docs/Invisibility Cloak Inventory.xls
Resource
win7-20240508-en
Behavioral task
behavioral28
Sample
macro-docs/Invisibility Cloak Inventory.xls
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
macro-docs/Loch Ness Monster Research Log.doc
Resource
win7-20240220-en
Behavioral task
behavioral30
Sample
macro-docs/Loch Ness Monster Research Log.doc
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
macro-docs/Loch Ness Monster Research Log.xls
Resource
win7-20231129-en
Behavioral task
behavioral32
Sample
macro-docs/Loch Ness Monster Research Log.xls
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
macro-docs/Dragon Hoard Management Tips.xls
-
Size
34KB
-
MD5
90901002b8a58234dda277c158ba2e3a
-
SHA1
b818652e209db9f1ab86f9c2889759a6192b8b54
-
SHA256
0b5773386715cb058efd409581094221768e0272148ea23bfab1395fdb53ba48
-
SHA512
5d7b4baf5464a14c9dfedfeb4f02488693f848fe2147510dcb768fff08b2b8ac884af4f7d976f862420d04d890de680a53998edf025135b7509559fc2d20ff67
-
SSDEEP
768:/eSFsv66g3KnF439NKC54kkGfn+cL2XdA8dwMbLHYd8p6mci:GSFsv66g3KnF439NKC54kkGfn+cL2Xdx
Score1/10 -
-
-
Target
macro-docs/Dragon Training Manual.doc
-
Size
32KB
-
MD5
373b2e7623e14ffdb051050e7e6f62f0
-
SHA1
839a0939cefb17095246af066462b67dc5ddfc85
-
SHA256
18ddc8bce26f27260904c1ac9218ec0a38b9aaedb76549bef70d74d1ed18ef5a
-
SHA512
b190dfef6edcb8a3038c41a755e43b10c27936c429b619304c0ad90dad38a52df7cd16436400f8f7f883a003af484503ea086d826bcfae443f57ed95b8fa309c
-
SSDEEP
192:7UKeAHREZEvAqT0sK6/6rJ984woO+QHj1mzOWLTucz/gb2DuekM50jw/stUg6lfC:7U64iSJPw+QD1mz+csxekM50jostQlq
Score4/10 -
-
-
Target
macro-docs/Fairy Wing Collection Log.xls
-
Size
29KB
-
MD5
b67dd16b29cc3eb5745fa0023ea54c91
-
SHA1
1fb7babe6b45d39048f360c81314202ce89d9815
-
SHA256
768b12d1fb6cfdbe772984b363cfc8a1a8c6234dd3b2e0b6bc9d48077f8df921
-
SHA512
afa4a1ddd70d442d2e4db73a3bb5d49a5a0b1a87147233e66553537e73efabb90552fbe9c43c9a180c799085a70b6e282604a2e4585e6b05c3afe69b886b82f9
-
SSDEEP
768:RDwSFsv66g3KnF439NKC54kkGfn+cL2XdA8Hw3Ksm2:+SFsv66g3KnF439NKC54kkGfn+cL2Xdx
Score1/10 -
-
-
Target
macro-docs/Ghosthunting for Beginners.doc
-
Size
34KB
-
MD5
1196045cdcab84b5a5c64f022bc3fb68
-
SHA1
0615cf485a668ae95c6deba7d14c8f660efff461
-
SHA256
d0cf72c6a2c209973b38bcf5b2a92128f0667c0135df356a2952a9eecf15d6b8
-
SHA512
c249eebb1da35d6299774d2c2096377d2485bec6bbaaf982ad3b6b9e603e3e2487e3924ce35d01d696efaabc15347ac72557406343caaf172f3dca33147786ca
-
SSDEEP
384:pMEtRWkiSJPw+QD1aClzlfBc50j7Yet2:+Ec+kHlUqq
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-
-
-
Target
macro-docs/Ghosthunting for Beginners.xls
-
Size
34KB
-
MD5
d21b49e9a52d5679855bd1a3ffac94f2
-
SHA1
bc81b89fa91dbc1ab256bd1a7e2d94b50d46f92a
-
SHA256
281af520188669b7974c45c468e21ea2aa2081619222c669dd38b2b9903645b9
-
SHA512
19b370e03d5985b2c9443c5e16ae8aca03cfc75771ebed0877d32107008f81359ffe543107803b6dab2ac635137869059ec067b616eb946df90c7a4b16ca7fa5
-
SSDEEP
768:EeSFsv66g3KnF439NKC54kkGfn+cL2XdA80wUnDd06mci:XSFsv66g3KnF439NKC54kkGfn+cL2Xd/
Score1/10 -
-
-
Target
macro-docs/Ghosts in the Office - Investigation Findings.doc
-
Size
32KB
-
MD5
fd8bf55a7c1d5a24726a05fd70f8e12e
-
SHA1
8f08c4935b218e34206d9e115ada25fbe23640d5
-
SHA256
d92831f3678dac9554028f5746bf4a98531ab3d08f21169bae2d138285676865
-
SHA512
3182e82e93409397d8268dd90167da46af5eeebf9a0ca87fcd35969c6025402b4497e989cc068bfc5a9353efe465884f45f54f13eb3eaeb397f5c90b6aa3bcad
-
SSDEEP
384:PJIap0eiSJPw+QD1qlxkYTYry50jystRX:hM+k6CGp
Score1/10 -
-
-
Target
macro-docs/Goblin Gold Transactions.xls
-
Size
29KB
-
MD5
7bd34ef1335b4f1d23ffa6dc54869dd8
-
SHA1
2b17354813bdbfa478c54d9dd913a09442fc1a9f
-
SHA256
80a997df6d710cbbe2a9aa4f5adbd21e1999939aef912434d895edd074fe50d5
-
SHA512
4800567e1c547d25b02eea0deac3dad6a194b23516e88f6a02bc02814a9d3c2b280d56b049c3334862c297e35e526c4a892dcc23a31bae787d0f53a25d12478b
-
SSDEEP
768:SDwSFsv66g3KnF439NKC54kkGfn+cL2XdA80w2ysqJx:5SFsv66g3KnF439NKC54kkGfn+cL2XdP
Score1/10 -
-
-
Target
macro-docs/Haunted Mansion Occupancy Rates.xls
-
Size
29KB
-
MD5
0fd93bd17851e1286856b23bb07e6872
-
SHA1
ea00877322d4fc559e65c03458f8d407a5dc54d2
-
SHA256
1d0b4cb62be1c31bf857559e0cc44808301c79aee51b49d369d13b2fd273806c
-
SHA512
c24f65deedf603468605f65c0602a412b5ddecca61da968b802f65c9c7565309b48957c960e3cc36602ca0704ff6624d2ed5a09a5c9f431c963285075ec49a4a
-
SSDEEP
768:XMkSFsv66g3KnF439NKC54kkGfn+cL2XdA8GwUysOG:5SFsv66g3KnF439NKC54kkGfn+cL2Xd9
Score1/10 -
-
-
Target
macro-docs/Hobbit Gardening Journal.doc
-
Size
34KB
-
MD5
e59355a8900ba47ec58de881d3786693
-
SHA1
97a8903ebb321b1349636be665efbc09c4deb849
-
SHA256
939e3d4988b0e605622da90476538d5c8cc15ea8417b5836d3521f4e3057e9b9
-
SHA512
ade8a399323c9b8564b954b2af2aedb29c04bd4e42d149d999ede4d03ce86d5f6e18e0ecc4006ec74a7185dbeb69255b1680858060f457b3aac416e2b7d7f8ba
-
SSDEEP
384:RoWp6PiSJPw+QD1ghROgVzpxd4hBE50j9et:yw+k8Vj
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
-
-
Target
macro-docs/Hobbit Gardening Journal.xls
-
Size
35KB
-
MD5
03f55a2197b0517f784505a0066194cb
-
SHA1
1d5eb422fe768d627177079634067c9b9ae0a90a
-
SHA256
6a10d4188a4abb724d880b10a0d3e374dc225d77578b29e32b34f6f532eba1e0
-
SHA512
2536653b997767beaccdff3d72ddd9fb7035188f14c79aee809c0b5155dd9e399608fee6ec38a47193ba8df6c166c53e62693bd03ad017133a893baa7c38c96d
-
SSDEEP
768:DDwSFsv66g3KnF439NKC54kkGfn+cL2XdA8pwUzmrx6mjip:QSFsv66g3KnF439NKC54kkGfn+cL2XdJ
Score1/10 -
-
-
Target
macro-docs/Hobbit Productivity Analysis.doc
-
Size
34KB
-
MD5
84160003c2f2d7bbe218c0700b5e3e3f
-
SHA1
779a5a4859c72e8a6f89010bc768c630f44f58d6
-
SHA256
368ed1d9b0d8beab2d29591315cd6d70476a9255bc31e68f46138e71c52b5b16
-
SHA512
ef53ab063e99affbd3ea9b0cd771d69492f1bede609e9cd9b1c11d33db15659bf7cf4781b5fbbe37966b3364d2442a2a11cb606b2bb499c0ef81133670760969
-
SSDEEP
384:/48BIiSJPw+QD1pgYzaqBR9u50jH5ttd:gW+kWYrE
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Drops file in System32 directory
-
-
-
Target
macro-docs/How to Tame Your Kraken.doc
-
Size
32KB
-
MD5
ed7a350083916aaaaed3d3044b65b508
-
SHA1
db47ef11d20fe9cad164dbb73b4923a7ad59c1d7
-
SHA256
929e2e2020d2bbf08bb96547bc4feee931302d0ea480e3a278388e09e27cef8f
-
SHA512
2f502976043a1cb57f567919314ee3e1d7b867ed4c035ecbc648eb647bae2671e24e0df245de5ce80338e28f1dab20c758859761d65c360080997b88b3d3bb1c
-
SSDEEP
384:O1ykamiSJPw+QD14tnfFdkPAh50jdst+O:Gyku+kwfS6
Score1/10 -
-
-
Target
macro-docs/Interstellar Trade Ledger.xls
-
Size
29KB
-
MD5
17c2735c33c1672ae98702cbdd826108
-
SHA1
fc3ce6be15c9d698ac3c4469717aa274495b2cc3
-
SHA256
65b5bc54bc38aa59a16dc4cfed527ce43bdfa5a0e4bac59371db06d677b198b3
-
SHA512
07b3d08cb4511b0662905518463c623676250125691fa2c5c2bc83f23d0f2b8b0bdf071e10e65306c4ebab0fb0e85133a4e90a0502b7fabf97ab201ae6462128
-
SSDEEP
768:1DwSFsv66g3KnF439NKC54kkGfn+cL2XdA835wTYsDp2P:CSFsv66g3KnF439NKC54kkGfn+cL2Xd1
Score1/10 -
-
-
Target
macro-docs/Invisibility Cloak Inventory.xls
-
Size
29KB
-
MD5
b8720e893f31385d33027f7bec730b59
-
SHA1
7c86767435ec969faa237f60b8999292e8c0ce47
-
SHA256
1359dde099c0a67549df780921dad08433e6f4cc17e2b8a2533bb596e4b54997
-
SHA512
6e5c35e505a616144d63ae5f128f78603035e3024a2c18003fdf938666f88ed9afc239c528066edd45004d662d898fb6286f539aa1c60626ccbf41e7f4061b07
-
SSDEEP
768:sDwSFsv66g3KnF439NKC54kkGfn+cL2XdA81wXxsBjJ1:LSFsv66g3KnF439NKC54kkGfn+cL2Xdx
Score1/10 -
-
-
Target
macro-docs/Loch Ness Monster Research Log.doc
-
Size
34KB
-
MD5
3a18c5fb28a247ffa096836ad14e8409
-
SHA1
c476a52481ba5b7a77ec8adf01b1d28ea3fcd5cd
-
SHA256
5194f4a358da0c1a36ee7aae9d72d9f4d810ed7bfdf28b0ddf4b36ecf862535d
-
SHA512
93f323d89da7f40c09a56fa228c6b682f38f28032ee89cba1748acbd5fda85884302970b62d10ed6aebb943037ba3b1a7b8c4470ea10f2703773d8fce819b121
-
SSDEEP
384:Eiy5O6e7iSJPw+QD1xvlzWJBIX50jNet:nM+kBlVJ
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Drops file in System32 directory
-
-
-
Target
macro-docs/Loch Ness Monster Research Log.xls
-
Size
34KB
-
MD5
8501abd0b09ffdce7b751901baf9eee3
-
SHA1
1b876a5fe28975a067237a96842e0c2c304fd76b
-
SHA256
fb6df298d458bd1feb8a308c10119b3a26619397b947667d9a3a8412b63cfd24
-
SHA512
3b3a86fa9691393beb1246de0ceb5ec4f93d44e3b527657dbea8746d88364cc0b2cf3691d40653d7c38190f67a1207db5acccf259c8c33ff059a089aa1857036
-
SSDEEP
768:PDwSFsv66g3KnF439NKC54kkGfn+cL2XdA8GwI2fpCNQ6mci:8SFsv66g3KnF439NKC54kkGfn+cL2Xdz
Score1/10 -