General
-
Target
0113_203089882.doc
-
Size
633KB
-
Sample
210113-xvldqt5e82
-
MD5
8cde22c011629e537c9f3ef15225c2d7
-
SHA1
e85624f6fb796946b75d2091c3c38ed61764cde8
-
SHA256
678da85cecff2cdda8559281dfc8a89f87c44c6371cbda4de4bc9ea5cd2f5cf9
-
SHA512
59ebe8c806d7585bd0c44a08dfacf1f2cdede087b9e86d75608771ff2ce4bfe2a4ac7fbd364f87dff89099fe8223e736680de9d700320bbb42944b3e9ad62ab2
Static task
static1
Behavioral task
behavioral1
Sample
0113_203089882.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
0113_203089882.doc
Resource
win10v20201028
Malware Config
Targets
-
-
Target
0113_203089882.doc
-
Size
633KB
-
MD5
8cde22c011629e537c9f3ef15225c2d7
-
SHA1
e85624f6fb796946b75d2091c3c38ed61764cde8
-
SHA256
678da85cecff2cdda8559281dfc8a89f87c44c6371cbda4de4bc9ea5cd2f5cf9
-
SHA512
59ebe8c806d7585bd0c44a08dfacf1f2cdede087b9e86d75608771ff2ce4bfe2a4ac7fbd364f87dff89099fe8223e736680de9d700320bbb42944b3e9ad62ab2
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-