General
-
Target
Info_IU_03693.doc
-
Size
160KB
-
Sample
210120-jat5qrekk6
-
MD5
11b2f224825ee841b6df0e52298bee2c
-
SHA1
9e139896444a4c946221570a019b3fec05f0a419
-
SHA256
b9f57f97d4ea9c107ca90927fdd5e4f7b5e3eb315ff4fa568f600f1700dc3f8f
-
SHA512
1a6e4b11ba9988c98ba663b6bfd38022aae0183fde5808e036de2c6b831c54a0d5516031dc6bb0de53105cd2a3b86903bc0b14b991d38ad1f2c5335df32c383a
Behavioral task
behavioral1
Sample
Info_IU_03693.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Info_IU_03693.doc
Resource
win10v20201028
Malware Config
Extracted
Targets
Score 10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-