General
Target: 50f04e399268abdf3e3686c956a3d8fe0b3dca393c350c8a4acbe5d819aa6fc2.doc
Size: 210KB
Sample: 200213-g9j2dsz23x
MD5: 6dea422353dc997a4d850f560d3e78e2
SHA1: 3f80cc67602701f0e5afc1601659dd2275cb92aa
SHA256: 50f04e399268abdf3e3686c956a3d8fe0b3dca393c350c8a4acbe5d819aa6fc2
SHA512: 5d40ddcea474d4cb6d5b98b113f59f8f393f0fe3a9fcd2655ba98fe97210c03a313643f08d5745aed981fdbec61c52a69bf0201eff1d1ffc156dd4c7b0171582
Static task: static1
Behavioral task: behavioral1
Sample: 50f04e399268abdf3e3686c956a3d8fe0b3dca393c350c8a4acbe5d819aa6fc2.doc
Resource: win7v191014
Malware Config
Extracted
http://chanke.lixinyiyuan.com/wp-content/uploads/NpdQNm93/
http://tinhdauvn.com/xc1dj/VD/
http://www.vetibourse.com/logs/5wuD36572/
http://www.tour2cn.com/29/nK5/
http://izhline.net/logs/DvZ63/
Targets
Target: 50f04e399268abdf3e3686c956a3d8fe0b3dca393c350c8a4acbe5d819aa6fc2.doc
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Drops file in System32 directory