b01e9e7e49fb36e7757e691df9cd8c61b5fd1936300715c757178a32e259b810 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

OfficeSetup.exe

windows10-ltsc_2021-x64

8

Sharing

General

Target

OfficeSetup.exe
Size

7.2MB
Sample

250328-btzvqasnw7
MD5

29d5d38d66b57bbc99f833265592278f
SHA1

432085379e8033e162f2fbfec17c1adadfa9f723
SHA256

b01e9e7e49fb36e7757e691df9cd8c61b5fd1936300715c757178a32e259b810
SHA512

141bff0f4af5a9da82f34fa9be8335dca5ce7c1dc9a3dcfe66c75ae94199f22c613c86a3ec1eac9aa1be81a596d133b244d3196eca7068abe602bfa94e430059
SSDEEP

196608:f5xhhzQhjG+59FThbOTx+MMp8T5nfI5dqICpZo3MpOTiK/ImaI6HMaJTtGbH:3hJsjG+5jUTxnY8cdqpGIe

Score

8^/10

discovery link macro pdf xlm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

OfficeSetup.exe

Resource

win10ltsc2021-20250314-en

discovery link macro pdf xlm

windows10-ltsc_2021-x64

23 signatures

900 seconds

Malware Config

Targets

- Target
  
  OfficeSetup.exe
- Size
  
  7.2MB
- MD5
  
  29d5d38d66b57bbc99f833265592278f
- SHA1
  
  432085379e8033e162f2fbfec17c1adadfa9f723
- SHA256
  
  b01e9e7e49fb36e7757e691df9cd8c61b5fd1936300715c757178a32e259b810
- SHA512
  
  141bff0f4af5a9da82f34fa9be8335dca5ce7c1dc9a3dcfe66c75ae94199f22c613c86a3ec1eac9aa1be81a596d133b244d3196eca7068abe602bfa94e430059
- SSDEEP
  
  196608:f5xhhzQhjG+59FThbOTx+MMp8T5nfI5dqICpZo3MpOTiK/ImaI6HMaJTtGbH:3hJsjG+5jUTxnY8cdqpGIe
Score

8^/10

discovery link macro pdf xlm
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro xlm
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverylinkmacropdfxlm

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.