General
-
Target
bijlagen 970882196.doc
-
Size
160KB
-
Sample
210114-czd3bklbd6
-
MD5
c797c4d8810f10d4e33ad05615da510e
-
SHA1
a0bcbdec6c5a5707370abf188cccb91e7474bad0
-
SHA256
764776525ba3104548efc2d4ee4472532cd78a3c33b79407790471f4edb18157
-
SHA512
08c0d33f7f4c07b5e9d2ef3d9a6e756f1eb40629dc924f5424f849d3353092678dcde3a442bd2ef70e2ee325b16156851468267aea6c52fcde5c62e2b1ab3617
Behavioral task
behavioral1
Sample
bijlagen 970882196.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
bijlagen 970882196.doc
Resource
win10v20201028
Malware Config
Extracted
http://ketorecipesfit.com/wp-admin/afanv/
http://mertelofis.com/wp-content/As0/
http://givingthanksdaily.com/CP/
http://datawyse.net/0X3QY/
http://cs.lcxxny.com/wp-includes/E3U8nn/
http://makiyazhdoma.ru/blocked/tgEeW8M/
http://trustseal.enamad.ir.redshopfa.com/admit/wJJvvG/
Targets
-
-
Target
bijlagen 970882196.doc
-
Size
160KB
-
MD5
c797c4d8810f10d4e33ad05615da510e
-
SHA1
a0bcbdec6c5a5707370abf188cccb91e7474bad0
-
SHA256
764776525ba3104548efc2d4ee4472532cd78a3c33b79407790471f4edb18157
-
SHA512
08c0d33f7f4c07b5e9d2ef3d9a6e756f1eb40629dc924f5424f849d3353092678dcde3a442bd2ef70e2ee325b16156851468267aea6c52fcde5c62e2b1ab3617
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-