General
Target: 0112_4735106192.doc
Size: 735KB
Sample: 210112-vn986v8vke
MD5: fd6d667d0f199549d545bb3c99d6a4b9
SHA1: 8a1a67cc6c734398c4b0c907f222a65ae99f39d5
SHA256: a1ec1a483f549af7e6f26ffe8b2c2ef6ac8c8f0d99349350c1df5eaa327f1ed3
SHA512: 8be35d3917cd18789404c33c8f72309ba186f7941d4b368baceaf019dfb067432aefc8cb14d4d2f39ee99161ed36b477eced89cdf1751fc3d0869d84c60a10f0
Static task: static1
Behavioral task: behavioral1
Sample: 0112_4735106192.doc
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 0112_4735106192.doc
Resource: win10v20201028
Malware Config
Targets
Target: 0112_4735106192.doc
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Loads dropped DLL

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.