General
-
Target
Liste-70497 462123797.doc
-
Size
158KB
-
Sample
210114-5fqqc3m9a6
-
MD5
e6fa06f6b8a4fc18b58ab391ef19cba9
-
SHA1
79e39537c6deeb162756e2dfe7a3f77c0f96d1e2
-
SHA256
9c79e7b9f68462cc7dc5a5e149b64d277c92a2edb2c6f85eac8c78286172c209
-
SHA512
759bc77a2595af11f910e4addb9d06492110a1af062c2dc98648e929a79fe0eccf911418026697d67bfe0428c5b8a965a98d3d1247d80d2ac2f40b695e185cd7
Behavioral task
behavioral1
Sample
Liste-70497 462123797.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Liste-70497 462123797.doc
Resource
win10v20201028
Malware Config
Extracted
Targets
Target
Liste-70497 462123797.doc
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-