General
-
Target
SecuriteInfo.com.Mal.DocDl-K.8726.24378
-
Size
103KB
-
Sample
210113-j3xrgkx3zx
-
MD5
63d050a0b73b0ffc079150296c073cab
-
SHA1
b5b302ceeac09ba16da146138dc3134f363affef
-
SHA256
206e8bdc5d69ceabd4d65a60efd5e6bdd03258acf0e528abd997fbb3cc948737
-
SHA512
08836049f1794c5bd39ee4325de78c245411ce9c582c451e0b684791ab4a968b62e7da46efa28de8e87dcd2cb49ff5c2af9d3d58e8f77b6dc48b94aedc3d6862
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Mal.DocDl-K.8726.24378.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Mal.DocDl-K.8726.24378.doc
Resource
win10v20201028
Malware Config
Extracted
Targets
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-