General
-
Target
lyft-d10193.doc
-
Size
132KB
-
Sample
200213-yvxqep26se
-
MD5
ef24bc5c50c7755fa6b4574128156d2d
-
SHA1
123fa2d6eed535f06d29e482a51986271369da77
-
SHA256
20faee2a8d4618002437bfcf80f4445bdb66c9b8323698a0f821f2600b1cde77
-
SHA512
b810d208db30bf8a490eed5cca636c217e44d73fd54c406f93131cb16bb71b533ccb65b0164b990f706a6f1edd84015aef21894985d2b9c7f88af28ebe01218b
Static task
static1
Behavioral task
behavioral1
Sample
lyft-d10193.doc
Resource
win7v200213
Malware Config
Extracted
http://neoneo-bg.site/hIeak.dat
http://neoneo-bg.site/geTask.dat
http://neoneo-bg.site/rTTj.dat
Targets
Target
lyft-d10193.doc
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Drops file in System32 directory
-