Static task: static1
Behavioral task: behavioral1
Sample: Order_doc_3898934784389932787823637832893278.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: Order_doc_3898934784389932787823637832893278.exe
Resource: win10v2004-20240508-en
General
Target: 18062024_1249_New_Order_xlsx.bz2
Size: 28KB
MD5: e9297d8f85b351ca0575b4b722256631
SHA1: 5b879282fd4674e19e67012b6dbe42ca6c529762
SHA256: 31516782702f7eb5dba59fcb42c79e638f4de7a616d68a357baf8dc97c870a61
SHA512: cf87bc042a5a63759375dc70dd4e979d453e490170c264a8ef1116527bab6ea1543179aaf0950ae3cfdfd554a928514835bae4eb353b6ee5621bfcc232545dc8
SSDEEP: 768:SEttryVpvbiH8Hz09lBo6xkRnOASt1Ms8bdN:SEttu/rzYjkGUpN
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Processes:
resource unpack001/Order_doc_3898934784389932787823637832893278.exe
Files
18062024_1249_New_Order_xlsx.bz2.rar
Password: infected
Order_doc_3898934784389932787823637832893278.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 71KB - Virtual size: 70KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ