General
-
Target
0113_1010932681.doc
-
Size
387KB
-
Sample
210113-5e8fxywzqx
-
MD5
2cf234a33be54ffa5c49f4380e01fdac
-
SHA1
e7f83e5d90d318368b355b78f4d92c01f9b5def3
-
SHA256
111a2dc96e082b86a79dd90ec307c977a21c7aee0ddb141d688a17bd65f3661d
-
SHA512
02ccf1b583ddde4c51abfeaccc1d2fbc741ba826e9f9d6127f64b1df3c50ed3760992fa21812ad7a9cb9cd1b222d0e943753de5a8b412a3a093dc5cef08405e8
Malware Config
Targets
-
-
Target
0113_1010932681.doc
-
Size
387KB
-
MD5
2cf234a33be54ffa5c49f4380e01fdac
-
SHA1
e7f83e5d90d318368b355b78f4d92c01f9b5def3
-
SHA256
111a2dc96e082b86a79dd90ec307c977a21c7aee0ddb141d688a17bd65f3661d
-
SHA512
02ccf1b583ddde4c51abfeaccc1d2fbc741ba826e9f9d6127f64b1df3c50ed3760992fa21812ad7a9cb9cd1b222d0e943753de5a8b412a3a093dc5cef08405e8
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-