General
-
Target
841f665e7fa0dafb08a148c375fc49b0594eecdf01d44cc9b7ea8e6c6b5fe024
-
Size
157KB
-
Sample
210113-xgvr1chlmn
-
MD5
52cb4262f0f965aae77e3b2c423cf528
-
SHA1
545ad01ec85501984a5e6ad74bd632ca7b252571
-
SHA256
841f665e7fa0dafb08a148c375fc49b0594eecdf01d44cc9b7ea8e6c6b5fe024
-
SHA512
e14e1051f90b6daa5adc7902ead05d364c7271c69a96d38bdb5b999b3f15fdf9d735ef87245bfd9382cd16bae5280c7646491eb7c75c293cd6246781ea6c3e04
Static task
static1
Behavioral task
behavioral1
Sample
841f665e7fa0dafb08a148c375fc49b0594eecdf01d44cc9b7ea8e6c6b5fe024.doc
Resource
win10v20201028
Malware Config
Extracted
https://altrashift.com/wp-includes/I/
https://ojodetigremezcal.com/wp/i62s/
https://snowremoval-services.com/wp-content/P3Z/
http://kitsunecomplements.com/too-much-phppq/n65U/
https://imperioone.com/content/WOBq/
http://www.autoeck-baden.at/wp-content/w0Vb/
https://shop.animewho.com/content/Tj/
Targets
-
-
Target
841f665e7fa0dafb08a148c375fc49b0594eecdf01d44cc9b7ea8e6c6b5fe024
-
Size
157KB
-
MD5
52cb4262f0f965aae77e3b2c423cf528
-
SHA1
545ad01ec85501984a5e6ad74bd632ca7b252571
-
SHA256
841f665e7fa0dafb08a148c375fc49b0594eecdf01d44cc9b7ea8e6c6b5fe024
-
SHA512
e14e1051f90b6daa5adc7902ead05d364c7271c69a96d38bdb5b999b3f15fdf9d735ef87245bfd9382cd16bae5280c7646491eb7c75c293cd6246781ea6c3e04
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-