General
Target: fa3ee68080df60cda7f4ba7733dad99b309f0d2ebc6da64d97963d9a3d91dc2b.doc
Size: 158KB
Sample: 210115-lvpwcmat4x
MD5: 67142f46102f95424482ca30e216df99
SHA1: 1cfe364fb4abb49d9e232e7eba550d5dbbcc7e6b
SHA256: fa3ee68080df60cda7f4ba7733dad99b309f0d2ebc6da64d97963d9a3d91dc2b
SHA512: 415fca3a400d9713ba65858e5310444b62633b0659e353d25f17b86e46da8eda3de8dd08e8a0b1861fbb116f7a4d260d1a2383e86d1bcf955fdcdc4f6bb65c6d
Behavioral task: behavioral1
Sample: fa3ee68080df60cda7f4ba7733dad99b309f0d2ebc6da64d97963d9a3d91dc2b.doc
Resource: win7v20201028
Behavioral task: behavioral2
Sample: fa3ee68080df60cda7f4ba7733dad99b309f0d2ebc6da64d97963d9a3d91dc2b.doc
Resource: win10v20201028
Malware Config
Extracted
Targets
Target: fa3ee68080df60cda7f4ba7733dad99b309f0d2ebc6da64d97963d9a3d91dc2b.doc
Size: 158KB
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory