General
-
Target
E1-20210112_1959
-
Size
157KB
-
Sample
210112-c1kz5eclpn
-
MD5
512c3b7b2e569cec221339670f9444c6
-
SHA1
413a3f2403985880e8ad0e4d3880c00eeea93c36
-
SHA256
32e85191ad3dfdbc3981cb5cdb0bb35c19721be3604702e8fff800b91b55f854
-
SHA512
e7452bd68bf8c5eeaf58a8f16468ea84bcc0047351dea9525549faffa13112dff97f345296456af544f892f8c3c3a2e753e16830fb6c9d02e83d3241d7500c3c
Static task
static1
Behavioral task
behavioral1
Sample
E1-20210112_1959.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
E1-20210112_1959.doc
Resource
win10v20201028
Malware Config
Extracted
Targets
-
Target
E1-20210112_1959
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-