General
-
Target
Lijst-736-14602124.doc
-
Size
159KB
-
Sample
210114-mf575fskcx
-
MD5
d89618ae7405fb93a31812123313338f
-
SHA1
f71e0af29d661fe55baa89dadd7d686c9b2c0b14
-
SHA256
bcd56c012124b5a591a33341dbcd4a796fba46d0660989d1022207230ddd48d3
-
SHA512
d595c834e1e2a39a3f037f216ffaa186d692385bc78532a41582f3bbbe85c3b4f7433fc4f145dcce024c48718992ed4e9b9f2195fc8a104b4f390b6f8296d847
Behavioral task
behavioral1
Sample
Lijst-736-14602124.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Lijst-736-14602124.doc
Resource
win10v20201028
Malware Config
Extracted
Targets
-
-
Target
Lijst-736-14602124.doc
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-