General
Target: b8be31db3cf8fa74d86929a303a2ae714fb928211f14b777f4a63f2bd1854929.doc
Size: 84KB
Sample: 200315-ywnwdtnkfn
MD5: 43d2a3df73fdcb10b9429a480d96ddcf
SHA1: 806d56933c8bb8ec187c0da1be37424582b97801
SHA256: b8be31db3cf8fa74d86929a303a2ae714fb928211f14b777f4a63f2bd1854929
SHA512: f1443679436643c0177bfa1ab84b72293fa547c622382e03e4de198d13581c93bd854159e2f2e5ed901a6f35d47519c938de601edb0a345fe94252760167ce44
Static task: static1
Behavioral task: behavioral1
Sample: b8be31db3cf8fa74d86929a303a2ae714fb928211f14b777f4a63f2bd1854929.doc
Resource: win7v200217
Malware Config
Extracted
http://blog.bctianfu.cn/4
http://mail.vcacademy.lk/5nLo
http://lamemoria.in/2ib2Pt
http://tropicalislandrealtyofflorida.com/NNqM7W
http://businessarbitr.ru/E
Targets
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blacklisted process makes network request

An obfuscated cmd.exe command-line is typically used to evade detection.