General
-
Target
a5bb3ac2e78e042dd5e7f8a6297f4c6290d2249def0472bc9cc8b4e7ee8b44b4
-
Size
157KB
-
Sample
210113-1b7my2px4x
-
MD5
a4f359ffaf70d53f7e9caffee0560cb3
-
SHA1
a417dd75b7122b4dfa68263c64df02b794f5b778
-
SHA256
a5bb3ac2e78e042dd5e7f8a6297f4c6290d2249def0472bc9cc8b4e7ee8b44b4
-
SHA512
f1bb3ca69fca34409486f08f6a1d4ed85eff16194ede11ed02a4e57d92a069b9a84ec1475b3a1feb35f55bc4a774af240d1b329744f286fa688b296087220811
Static task
static1
Behavioral task
behavioral1
Sample
a5bb3ac2e78e042dd5e7f8a6297f4c6290d2249def0472bc9cc8b4e7ee8b44b4.doc
Resource
win10v20201028
Malware Config
Extracted
Targets
-
-
Target
a5bb3ac2e78e042dd5e7f8a6297f4c6290d2249def0472bc9cc8b4e7ee8b44b4
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-