General
Target: UNTITLED_20210113_042087.zip
Size: 85KB
Sample: 210113-kfhg3zwq62
MD5: c02bffef8e3cfa38bc08c6908dee924f
SHA1: a56e64363505c3934aff87e80a1a167d3381fe74
SHA256: bc229990e5442e9a7fbf8cea95356a795cd30266e0bff8eab1c03a4b1c28ada5
SHA512: 396dfca235f7818f0e6902e0638ecf4fcdee68db746cd4d6c369f2cbe665b5d36ce35d8f62dd327ca552fa8689743125a68891716ac59e1d64a1b2cdf2e7b1fe
Static task: static1
Behavioral task: behavioral1
Sample: UNTITLED_20210113_042087.doc
Resource: win10v20201028
Malware Config
Extracted
Targets
Target: UNTITLED_20210113_042087.doc
Size: 156KB
MD5: 5139780280d0f70237282c051636f5da
SHA1: 2bc56221cae38470dcb519ce993283be4246b6df
SHA256: 45e1f8d0848560bf3b1d4630d8a02853bdf6eb8e9346da9baf9c04562281f9ef
SHA512: f123c04f5b7978e04dc7ba46da318f0d3b8d9f2cb623a71a6c18ffb5eebf36bcab29a85f6af0e72453b40849b57d4b2764c952fe4da085b39294cd3365ea56b2
Score: 10/10
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Loads dropped DLL
Drops file in System32 directory