General

  • Target: AMGCargoLogistics.docx

  • Size: 41KB

  • Sample: 240930-t6pjmayhkc

  • MD5: 0112a3a3a61b27eba7bf614d17a6d856

  • SHA1: 298c2c179db6d7ed9e15c7cdb3f270190bf82002

  • SHA256: f65eaefb709c5a70a8c188843d6140fd684e81cefd17012dbe11727dd6c1ae0c

  • SHA512: 4c935a9308107cc4fad1d50711be91a6e640a78ad75c4730413cf1302176600bc4a67392ec723ab006c61733b720a87d1915c46ed5caca6959f1fb1553122beb

  • SSDEEP: 768:AapOcaUYoirr1Tm0/aE+BFi1EtONHlnmncNz1gdUQ9Z1aoRuXpA+R:X+UHirr1Tm0/aE+O1EUFXz1kH1TEpf

Score: 10/10

Malware Config

Extracted

  • Language: ps1

  • Deobfuscated

  • URLs

      ps1.dropper: https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt

      exe.dropper: https://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt

Targets

    • Target: AMGCargoLogistics.docx (41KB, score 10/10; hashes as listed under General)

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Abuses OpenXML format to download file from external location

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks