General
-
Target
ARC_H535.doc
-
Size
167KB
-
Sample
210114-nyj71lzsrn
-
MD5
265eac00afa62c7e92da8988d51ae7da
-
SHA1
2d341415c447553e9deb2a594b0ec988293c8313
-
SHA256
5eb02656c9d0f774760331a9af55e93a774b09ceaf654a1f199ab800c8a00c50
-
SHA512
96725f1869b1b2643a319211401cb5fca9b27af39bc22bc81d5b578482c0dc42376e974f36da8d1399e347cb83e8c7329453ce889ea4e12f8fecf08a49d09ed1
Behavioral task
behavioral1
Sample
ARC_H535.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
ARC_H535.doc
Resource
win10v20201028
Malware Config
Extracted
Targets
Target
ARC_H535.doc
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Drops file in System32 directory
-