General
-
Target
Agenda-57014.doc
-
Size
103KB
-
Sample
210112-qjzxfrfaps
-
MD5
8980f024234f9bd081c66e48cfe3ce7f
-
SHA1
987d37b8e6e8b473ac184d41fd9353045f91b2cd
-
SHA256
ace4a5bc0575d917c7d59092089a82be55031d8a4c4e7a82d2cbf094406dc02d
-
SHA512
4d762cdcbd82b6908947f5abe0e1e07e8337a7ae73256dcd1db6c40d1560c73c4ec82900ebd6066ff468165bca4141ddace484fc9ebbce45bcc5e40e392fe83e
Static task
static1
Behavioral task
behavioral1
Sample
Agenda-57014.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Agenda-57014.doc
Resource
win10v20201028
Malware Config
Extracted
Targets
Target
Agenda-57014.doc
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-