General
Target: TT Slip.doc
Size: 1.5MB
Sample: 210119-2f8jsf1l4e
MD5: 1346939d66aaba35fc0b1038500acb57
SHA1: 069163a5437a681d36bd28db647a3e09cc3c843f
SHA256: edff50baf76f61fd72952a9b613757729994ef745773d7b7ad67f352c302873d
SHA512: aa2df1c8216dea9b33044f9b06c7239d61ce9cde3ffe2a6399c5b4c02ad5603bdc4418e3c2630509e7ef19d884a66153cbbb4051633226684d9b52a7a8fdf6ac
Static task: static1
Behavioral task: behavioral1
Sample: TT Slip.doc.rtf
Resource: win7v20201028
Behavioral task: behavioral2
Sample: TT Slip.doc.rtf
Resource: win10v20201028
Malware Config
Extracted
formbook
http://www.transparentpetcrate.com/lnb/
Targets
-
-
Target
TT Slip.doc
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Formbook Payload
-
Blocklisted process makes network request
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-