General
-
Target
Untitled_2021_01_12_G478621.doc
-
Size
157KB
-
Sample
210114-9fdm51tz42
-
MD5
054ef4f75808a1d23c78a216db816336
-
SHA1
467dabe728edae96ca6229c8aefd0d20ed175539
-
SHA256
1cc13f331b8070b5e46b47016ad976bb3033eba3f81d7be30e529eece66829f9
-
SHA512
79c1ced23104dce5a115786dd36538082a36c41cbf69ecf9ff7f5b8c1169e12eadbe49fd0a06b0110f8390cf2ffef68f70fdfc6a42905a3e63154ab48b0bc36d
Behavioral task
behavioral1
Sample
Untitled_2021_01_12_G478621.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Untitled_2021_01_12_G478621.doc
Resource
win10v20201028
Malware Config
Extracted
Targets
-
-
Target
Untitled_2021_01_12_G478621.doc
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-