General
Target: INF-20210120-08909.zip
Size: 86KB
Sample: 210120-hr5l723le6
MD5: 677a752ebc2249471ae4eda579a8bde6
SHA1: fa91087685c057625b27b2741bed507bec4760da
SHA256: c6965160d25ddc07b8efd40215b5227f0087f09992e16ecce5e7d060918ee2ac
SHA512: ded2cc066eca0f5124ee61d1ee3e3043a99b146075c5bf3363f13bc81bce43b4a240102ca918fee847fa7e1d02820be54da80aad2a56895045611fcd88451081
Behavioral task: behavioral1
Sample: INF-20210120-08909.doc
Resource: win10v20201028
Malware Config
Extracted
Targets
Target: INF-20210120-08909.doc
Size: 160KB
MD5: e1cd9b67d8dc2c78b0aa3c80da4806b0
SHA1: 7a076b44f4bab8fe409805efb5b6f3826a9ccb91
SHA256: 27eb929efd1cfc1a8ba450565117b9011c7eaeb1d8037720dca123dd90f71820
SHA512: df1f59b09494253b53105b71d7ad978e4170bfb02b690622e50293601b8fcbe2f606fba85db17d6d13b3dde02b252aa3c34a676905b2177ad1384a3292280340
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.