Sample File:
  MD5 hash: ba1618a981f755eb752aa5dc90bd70a4
  SHA1 hash: a3b6e33901ffc15d15e2f3abae98c6da48727454
  SHA256 hash: a703dc8819dca1bc5774de3b6151c355606e7fe93c760b56bc09bcb6f928ba2d
  SSDEEP hash: 196608:WEHZYtulHyQiaalIFVAa8oPe5Nxhq1gMqnDORSGa:vmtulHF7b4a8GeFhYqnea
  Filename(s): VPIyNbbmtoYiYfrB.doc
  Filetype: Word Document

Mutex IOCs:
  - None -

Registry Key IOCs:
  HKEY_CLASSES_ROOT\Licenses
  HKEY_CLASSES_ROOT\Licenses\8804558B-B773-11d1-BC3E-0000F87552E7
  HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common
  HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\VbaCapability
  HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\RequireDeclaration
  HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\CompileOnDemand
  HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\NotifyUserBeforeStateLoss
  HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\BackGroundCompile
  HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\BreakOnAllErrors
  HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common\BreakOnServerErrors
  HKEY_CLASSES_ROOT\TypeLib
  HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}
  HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7
  HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\409
  HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\9
  HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0
  HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64
  HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}
  HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
  HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0
  HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64
  HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}
  HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8
  HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0
  HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64
  HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar
  HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
  HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\HTML Help
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\HTML Help\VbLR6.chm
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help\VbLR6.chm

Domain IOCs:
  insiderppe.cloudapp.net

IP IOCs:
  - None -

URL IOCs:
  - None -

File IOCs:
  Filenames:
    C:\Users\FD1HVy\AppData\Local\Temp\VBE
    WINHELP.INI
    C:\Users\Public\docer.doc
    C:\Users\Public\Python37\
    Normal
    C:\WINDOWS\SYSTEM32\cmd.exe
    C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL
    C:\Users\FD1HVy\Documents
    C:\Users\Public\smile.zip
  MD5 hashes:
    d41d8cd98f00b204e9800998ecf8427e
    ba1618a981f755eb752aa5dc90bd70a4
  SHA1 hashes:
    a3b6e33901ffc15d15e2f3abae98c6da48727454
    da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256 hashes:
    a703dc8819dca1bc5774de3b6151c355606e7fe93c760b56bc09bcb6f928ba2d
    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SSDEEP hashes:
    3::
    196608:WEHZYtulHyQiaalIFVAa8oPe5Nxhq1gMqnDORSGa:vmtulHF7b4a8GeFhYqnea

Analyst notes:
  Half of the File IOC hashes are not indicators. MD5 d41d8cd98f00b204e9800998ecf8427e, SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 and SSDEEP 3:: are the digests of zero bytes. They most likely come from an empty file touched during the run; they match every empty file on every host and must not be deployed as detections. The only hashes that identify this sample are the ones under Sample File (which the File IOC list repeats).
  The registry keys are, almost without exception, values that the involved components query whenever they start: the VBA\7.1\Common values are read when the VBA runtime (VBE7.DLL) loads; the TypeLib entries are reference lookups for the Word ({00020905-...}), stdole ({00020430-...}) and Office ({2DF8D04C-...}) type libraries; the Command Processor values, Policies\Microsoft\Windows\System and the Help/HTML Help entries are read by cmd.exe and the VBA help lookup. The report does not distinguish reads from writes, so treat these keys as evidence of which components ran, not as persistence or configuration changes.
  What the listing does support: a Word document that loaded the VBA runtime, launched C:\WINDOWS\SYSTEM32\cmd.exe, touched files under C:\Users\Public (docer.doc, smile.zip and a Python37\ directory) and resolved one domain, insiderppe.cloudapp.net (cloudapp.net is the Microsoft Azure classic cloud-service domain). Those items, plus the Sample File hashes, are the ones worth hunting on; the FD1HVy user name and the random VPIyNbbmtoYiYfrB.doc filename are sandbox artefacts.
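The following Python script is an added example, not tooling from the original report. It makes the hash caveat checkable: it recomputes the digests of a zero-byte input to show that one MD5, one SHA1 and one SHA256 in the File IOCs list are empty-file digests, removes them from the indicator set, and then matches file content against what remains, so a hunt built on this report cannot fire on every empty file it encounters. The function names (usable_indicators, match, check_file) and the constructed stand-in content used in the usage call are the example's own, not identifiers from the report.

```python
"""Triage helper for the hash IOCs in this report (added example, not the report's own tooling).

It proves that one hash per algorithm in the File IOCs list is the digest of zero
bytes, drops those values from the indicator set, and matches content against the rest.
"""
import hashlib
import sys

# Hash values copied from the report's "File IOCs" section, in the order given there.
REPORT_HASHES = {
    "md5": [
        "d41d8cd98f00b204e9800998ecf8427e",
        "ba1618a981f755eb752aa5dc90bd70a4",
    ],
    "sha1": [
        "a3b6e33901ffc15d15e2f3abae98c6da48727454",
        "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    ],
    "sha256": [
        "a703dc8819dca1bc5774de3b6151c355606e7fe93c760b56bc09bcb6f928ba2d",
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    ],
}


def digest_bytes(data):
    """Hex digests of `data` for every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def empty_file_digests():
    """Digests of zero bytes. An indicator equal to one of these matches every empty file."""
    return digest_bytes(b"")


def usable_indicators(report_hashes=REPORT_HASHES):
    """The report's hashes with the empty-file digest removed from each algorithm's list."""
    empty = empty_file_digests()
    return {
        algo: sorted(h.lower() for h in values if h.lower() != empty[algo])
        for algo, values in report_hashes.items()
    }


def degenerate_indicators(report_hashes=REPORT_HASHES):
    """The values that were dropped, so the analyst can see exactly what was filtered out."""
    empty = empty_file_digests()
    return {
        algo: sorted(h.lower() for h in values if h.lower() == empty[algo])
        for algo, values in report_hashes.items()
    }


def match(data, indicators=None):
    """Algorithms whose digest of `data` is in the indicator set; [] means no match.

    Defaults to the filtered set, so an empty input never matches.
    """
    if indicators is None:
        indicators = usable_indicators()
    digests = digest_bytes(data)
    return sorted(algo for algo, value in digests.items() if value in indicators[algo])


def check_file(path):
    """Hypothetical CLI helper: hash a file on disk and report which indicators it hits."""
    with open(path, "rb") as fh:
        return match(fh.read())


if __name__ == "__main__":
    print("dropped as empty-file digests:", degenerate_indicators())
    for name in sys.argv[1:]:
        hits = check_file(name)
        print(f"{name}: {'MATCH ' + ','.join(hits) if hits else 'no match'}")
```

Run it with one or more file paths as arguments. Passing the unfiltered REPORT_HASHES to match() shows the failure mode the notes warn about: a zero-byte input hits all three algorithms, while the filtered default set returns no match for it.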