General
-
Target
070ff04b9114219b723258f78497332f09f7cc6cd3775f2d7b66eb6920da8c89.doc
-
Size
235KB
-
Sample
200213-eljtcvm3h6
-
MD5
14268de9d52cfce166ebf8482e9d3934
-
SHA1
dfe2cabeb04434a6b82efe8c01f4ba49cbfeb34d
-
SHA256
070ff04b9114219b723258f78497332f09f7cc6cd3775f2d7b66eb6920da8c89
-
SHA512
9f656bb06b3a84c35266fab00514102da3e9cd76dcc832bfc74713625190ad5e5ff187c22fe2a3d0cae8d7cd47237c36bda784cfa828b50aa13afa4874b4aa57
Static task
static1
Malware Config
Extracted
http://ta-behesht.ir/images/Provx00a/
http://tatcogroup.ir/wp-admin/UC/
http://tcpartner.ru/wp-includes/nr8/
http://tepcian.utcc.ac.th/wp-admin/SquR/
http://ourproductreview.in/pokjbg746ihrtr/a1kzwc/
Targets
-
-
Target
070ff04b9114219b723258f78497332f09f7cc6cd3775f2d7b66eb6920da8c89.doc
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Drops file in System32 directory
-