General
Target: dd2d8c10197dcca0cab06edd9aad785d8b5c2d49427afd1bea9b1c40b84729e8
Size: 220KB
Sample: 201028-j3rngb9lw2
MD5: 6d7b7ee7fa9b8215c87b29106ff02597
SHA1: c4478453bc4a0f74dc609b99e2ece98795f75db3
SHA256: dd2d8c10197dcca0cab06edd9aad785d8b5c2d49427afd1bea9b1c40b84729e8
SHA512: 31bf55a279c81e8b45205702933f567940417c02e1e1f925f8288441ad2c8f47303e61f53173cd57c900fb4e2ec8fb9afa80df0713715f3bc49be140f0aafec3
Static task: static1
Behavioral task: behavioral1
Sample: dd2d8c10197dcca0cab06edd9aad785d8b5c2d49427afd1bea9b1c40b84729e8.doc
Resource: win10
Malware Config
Extracted
Targets
Target: dd2d8c10197dcca0cab06edd9aad785d8b5c2d49427afd1bea9b1c40b84729e8
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blacklisted process makes network request
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation