General
Target: 837216bb9f9cda26fbebd58a078b6b16.docx
Size: 16KB
Sample: 240715-ptvgws1glm
MD5: 837216bb9f9cda26fbebd58a078b6b16
SHA1: f8f72e714188e1f6afd09f7b7841437a5e8aee80
SHA256: 007be9a71495d3adced6a8ff24250aa044384df75b9149b4fdcd9d3b8b609ed7
SHA512: 14b72385cf8b462e8425d522368426f10dcab06b5b1be1cb1bf7ca3aad799545cd9f661c38ebafce9d478f1dec36b0324cdfd81695d2a7ec60bbb2aeefbb7624
SSDEEP: 384:YyXg0/+HWos8PL8wi4OEwH8TIbE91r2fR4JYHviMvmbWNv:Ycg0SP5P3DOqnYJ22vlvmbWJ
Static task: static1
Behavioral task: behavioral1
Sample: 837216bb9f9cda26fbebd58a078b6b16.docx
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 837216bb9f9cda26fbebd58a078b6b16.docx
Resource: win10v2004-20240709-en
Malware Config
Extracted
formbook
4.1
oi12
Targets
Target: 837216bb9f9cda26fbebd58a078b6b16.docx
- Formbook payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext