General
-
Target
E3-20210112_2343
-
Size
157KB
-
Sample
210113-jlw3a21b12
-
MD5
df66ce237d60ca77253674acb51f9420
-
SHA1
38e3feb8cf7b573eaaac69213809ea8300199ed8
-
SHA256
d165beb4c7b032b989d7681e8d08557ed1f8c937a874fc43701aa61efa9e1992
-
SHA512
f1a337cdc4c73d16176d9c6c6389c2dd78b14e680e028b2199d629938bb826df4182e54a5be72fe05d4f4ae9630cbbe6ff8c9e9590ed1a168344e6e7e3743e3b
Static task
static1
Behavioral task
behavioral1
Sample
E3-20210112_2343.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
E3-20210112_2343.doc
Resource
win10v20201028
Malware Config
Extracted
http://adsavy.com/files/pJ/
http://bestpopping.com/electric-auger-n0ao3/Emwmeyje76/
http://replanliving.co.uk/wp-content/microsoft/
https://rashmimaheshwari.com/content/SIGNUP/
https://www.infoquick.co.uk/myfriends/Help/
http://calledtochange.org/CalledtoChange/Systems/
Targets
-
-
Target
E3-20210112_2343
-
Size
157KB
-
MD5
df66ce237d60ca77253674acb51f9420
-
SHA1
38e3feb8cf7b573eaaac69213809ea8300199ed8
-
SHA256
d165beb4c7b032b989d7681e8d08557ed1f8c937a874fc43701aa61efa9e1992
-
SHA512
f1a337cdc4c73d16176d9c6c6389c2dd78b14e680e028b2199d629938bb826df4182e54a5be72fe05d4f4ae9630cbbe6ff8c9e9590ed1a168344e6e7e3743e3b
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-