General
Target
DOC_1301_U_92121711.zip
Size
85KB
Sample
210113-x87zk8283x
MD5
b0d70ee90798934b459a8fb574ea8a9f
SHA1
57b2fece3bf41c20a1e3fb944b0398299645c987
SHA256
eda35c0ea618a57ad379515f8d2c25b8a52a88ccb372ec7defba3c0eb3259876
SHA512
0fa25e8e5006b9dd418ad9214d0907574568c4a31bc2bc766ff1ca82e2c11d7c94519e5b7823edcf06bfdb72032cd63ed16e516bf9e782f207be36835d95f26f
Static task
static1
Behavioral task
behavioral1
Sample
DOC_1301_U_92121711.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
DOC_1301_U_92121711.doc
Resource
win10v20201028
Malware Config
Extracted
Targets
Target
DOC_1301_U_92121711.doc
Size
158KB
MD5
7f013028b389d513b3ecdb0314a8e565
SHA1
6ab79010a6d9ceef32f6c7429a20fab9c2b3e161
SHA256
1186bddeaa3cf409c79c698387ea235caec1d0f737790405f6cc12f64b90b5e5
SHA512
38ca252877b342847d90fa20962ac9097038699b46645474eef57a31c12ac873ba56f64fe39cf576315442e8e232877d519e1be3d857daa679a7798ac2a96680
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Loads dropped DLL
Drops file in System32 directory