General
Target: Copy_invoice_#32828_doc.bin
Size: 156KB
Sample: 210118-2v9tt3m4te
MD5: eca7b443bdd18089d1e72b2394abfd96
SHA1: 23c7fb3fc159ef732d4a7bf4e0309ef3242c4138
SHA256: 7bb94464b3d84793306c5871494ec5b557815c2dee93f5ff5ba01e1fe7c85d88
SHA512: 1a524c3fcdf66ea7d7d6265e2b4b61909a4636b842b622c2c25b68a0260e00c7e29362e976ec59d72075da3484d3ef663b6145ef5bbd212940a96f56decf1ca7
Behavioral task: behavioral1
Sample: Copy_invoice_#32828_doc.bin.doc
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Copy_invoice_#32828_doc.bin.doc
Resource: win10v20201028
Malware Config
Extracted
Targets
Target: Copy_invoice_#32828_doc.bin
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory