General
-
Target
3c88f3cdee299ae2064992462b5614af071d49d53b467005204d98748a55b8cd
-
Size
157KB
-
Sample
210112-ndsxp2gs82
-
MD5
dca055a2f05a8596f346c6ac50affdab
-
SHA1
084bda57c7736b2b22f75a622163b58b90bbd6d8
-
SHA256
3c88f3cdee299ae2064992462b5614af071d49d53b467005204d98748a55b8cd
-
SHA512
b75496c32d102bfb1043785ad7a1d05b0792a817cda3671b897f900aa17323136ff2dc3ecdcb157f2482be7ff5ea67dca32bb8feaadce238ac58a2e28b53755e
Static task
static1
Behavioral task
behavioral1
Sample
3c88f3cdee299ae2064992462b5614af071d49d53b467005204d98748a55b8cd.doc
Resource
win10v20201028
Malware Config
Extracted
Targets
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-