General
Target: estimate V343822 13-01.zip
Size: 42KB
Sample: 210113-wfrz54rwen
MD5: 1e6ad82659c655affc23f59b9e5f7028
SHA1: 3bc3f06c6238a9459c891ce7ffca4ad56e476ad6
SHA256: bd894f5bdae9ffa1df813017bb2d51069db1f49f98ba5a7218f8e46fffb809d9
SHA512: 293661748a24d8de61efe5eea1eb6ab62c2020b7cd7e1f22055cbd118f42caec07b7e9fe02a0c10f274765be96aa419fcdd5d46a7aec80234821a92b85f590f6
Static task: static1
Behavioral task: behavioral1
Sample: V343822.doc
Resource: win7v20201028
Behavioral task: behavioral2
Sample: V343822.doc
Resource: win10v20201028
Malware Config
Extracted
Targets
Target: V343822.doc
Size: 86KB
MD5: e0983f7a4c35fd6056be9cdf40bf27e8
SHA1: b97825db147014805b7aa55f1e8f670cdc5d9f33
SHA256: 79ce7baebe9784a507b210c9959e8c1d20f80dd499cfb8077501fbc4c1b9489f
SHA512: 126074dfeab725ad8df6627f8ba63511620301faa98475d1ac80ce7ff6086971df435ff97a4b50661aec86b927a3f0a511f77eecbb21a8f0fa3a806627f75748
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Loads dropped DLL
Drops file in System32 directory