General
Target
Inf-20210113-RRQ4296.zip
Size
85KB
Sample
210112-zp8f9evxes
MD5
7c6cafb0561475dcc631b3b693aed4b1
SHA1
dc84d651bd8346316d7b4f54a928b4cb73689f83
SHA256
686bb0faa8e805bb193c3063c7fb3993551c8e81ee47af536bcbd3ea0afa70d6
SHA512
86efc2da8351c2dfdbeab8404dada366195eff856d2948b66b0c1224a34932d28d3239ebd4a9846233aa85872f45cca56d19e5af48707a0a31345057cb28ec6c
Static task
static1
Behavioral task
behavioral1
Sample
Inf-20210113-RRQ4296.doc
Resource
win10v20201028
Malware Config
Extracted
Targets
Target
Inf-20210113-RRQ4296.doc
Size
156KB
MD5
3a5678052145f087c13cb48c90c42a9f
SHA1
7b48570b487963b774951124aca732d096409cae
SHA256
e5f4c0869a8a4f10e85cf0ee7799f053402929df853f25d2215271061395fc3a
SHA512
bcd441a7a736fd1b22d731672f2ddefdf36dadcc3b3961a2e3b19e4bc3813837d8591ae0e5480c736db151f489c745de7d33c6ae75636d4f380a1cc885c29b5e
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Loads dropped DLL
Drops file in System32 directory