General
Target: 020bceec2fdbd029d767e4d2714cdf30546debb93652c93fa9983cdbb2403cd0
Size: 167KB
Sample: 210121-1jdyn9sdva
MD5: 8c2d4a6d6727630c0728672c2ff55f4b
SHA1: e6d79e49ad47880722fda9d27fb80b147768e1e3
SHA256: 020bceec2fdbd029d767e4d2714cdf30546debb93652c93fa9983cdbb2403cd0
SHA512: a2a3ed01573af67e6decb2dcb9d761b0092f290eaa745c58f1475a8967c81d0edc145b7ae40b14d6666ec539c180fa0da720b0e33e056157b9ab4c5d7adfb3e0
Behavioral task: behavioral1
Sample: 020bceec2fdbd029d767e4d2714cdf30546debb93652c93fa9983cdbb2403cd0.doc
Resource: win10v20201028
Malware Config
Extracted URLs:
http://covisiononeness.org/new/F9v/
https://www.oshiscafe.com/wp-admin/5Dm/
https://lionrockbatteries.com/wp-snapshots/C/
https://www.schmuckfeder.net/reference/ubpV/
http://cirteklink.com/F0xAutoConfig/1Zb4/
https://nimbledesign.miami/wp-admin/C/
http://xunhong.net/sys-cache/D0/
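The seven URLs above are the download locations the sandbox pulled out of the document, and the obvious operational use is to sweep proxy logs for them. The following is an added example, not part of the sandbox report: it normalizes the extracted URLs (host lowercased, port and trailing slash dropped) and scans constructed proxy log lines, distinguishing a full URL match from a hostname-only match. The log format and the log lines are constructed for the example; the URL list is the one shown on this page.

```python
"""Match the payload URLs extracted from this sample against web-proxy logs.

Added example for this report, not part of the sandbox output. The URL list is
the one shown under "Malware Config"; the log lines and their format are constructed.
"""
from urllib.parse import urlsplit

# The seven download URLs the sandbox extracted from the document.
EXTRACTED_URLS = [
    "http://covisiononeness.org/new/F9v/",
    "https://www.oshiscafe.com/wp-admin/5Dm/",
    "https://lionrockbatteries.com/wp-snapshots/C/",
    "https://www.schmuckfeder.net/reference/ubpV/",
    "http://cirteklink.com/F0xAutoConfig/1Zb4/",
    "https://nimbledesign.miami/wp-admin/C/",
    "http://xunhong.net/sys-cache/D0/",
]

# Constructed proxy log lines: "<utc> <client> <method> <url> <status>".
SAMPLE_LOG = [
    "2021-01-21T10:02:11Z 10.0.0.12 GET http://covisiononeness.org/new/F9v/ 200",
    "2021-01-21T10:02:19Z 10.0.0.12 GET https://www.oshiscafe.com/wp-admin/5Dm/ab12.exe 200",
    "2021-01-21T10:03:40Z 10.0.0.25 GET https://lionrockbatteries.com/ 200",
    "2021-01-21T10:04:02Z 10.0.0.31 GET HTTP://CIRTEKLINK.COM:80/F0xAutoConfig/1Zb4 200",
    "2021-01-21T10:05:15Z 10.0.0.31 GET https://example.com/wp-admin/C/ 200",
    "malformed line",
]


def normalize(url):
    """Split a URL into (host, path): host lowercased with any port dropped,
    path with trailing slashes removed so "/a/" and "/a" compare equal."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    path = parts.path.rstrip("/") or "/"
    return host, path


def build_ioc_index(urls):
    """Map each host to the set of normalized paths seen for it."""
    index = {}
    for url in urls:
        host, path = normalize(url)
        index.setdefault(host, set()).add(path)
    return index


def classify(url, index):
    """Return "url" when host and path (or a sub-path) match an extracted URL,
    "host" when only the hostname matches, None when nothing matches."""
    host, path = normalize(url)
    if host not in index:
        return None
    for known in index[host]:
        if path == known or path.startswith(known + "/"):
            return "url"
    return "host"


def scan_proxy_log(lines, index):
    """Return (line_number, verdict, url) for every line whose URL hits the index."""
    hits = []
    for number, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue  # skip lines that do not fit the constructed format
        verdict = classify(fields[3], index)
        if verdict:
            hits.append((number, verdict, fields[3]))
    return hits


def scan_sample():
    """Run the scan over the constructed log with the page's URL list."""
    return scan_proxy_log(SAMPLE_LOG, build_ioc_index(EXTRACTED_URLS))


if __name__ == "__main__":
    for number, verdict, url in scan_sample():
        print(f"line {number}: {verdict:<4} {url}")
```

Treat the two verdicts differently: a "url" hit (including a file fetched from under one of the listed directories) is worth an alert, while a "host" hit is a hunting lead only. Several of the paths (wp-admin, wp-snapshots) sit on what look like ordinary WordPress sites whose remaining pages are presumably legitimate, so blocking or alerting on the bare hostname is likely to produce false positives.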
Targets
Target: 020bceec2fdbd029d767e4d2714cdf30546debb93652c93fa9983cdbb2403cd0 (size and hashes as listed under General)
Score: 10/10
Signatures:
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request.
- Loads dropped DLL.
- Enumerates physical storage devices. Attempts to interact with connected storage/optical drive(s); the sandbox describes this as likely ransomware behaviour. That is the generic description attached to this signature; the sample here is a document and no encryption activity is listed, so read it as a drive-enumeration indicator rather than as evidence of ransomware.
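The first signature, an Office document's host process starting a child it has no business starting, is the one most worth turning into a host-side detection. The following is an added example, not the sandbox's own logic: it evaluates constructed Sysmon-style process-creation events, ignores the handful of children Office normally launches, and reports everything else, with script hosts and common staging binaries at higher severity. The report does not name the parent or child processes; WINWORD.EXE as the parent is an assumption made because the sample is a .doc, and the events, paths and command lines are constructed.

```python
"""Flag Office processes spawning unexpected children in process-creation events.

Added example for this report, not sandbox code. The report does not name the
parent or child processes; WINWORD.EXE as parent is an assumption made because
the sample is a .doc, and every event below is constructed.
"""
import ntpath  # parses Windows paths correctly even when run on Linux/macOS

# Office hosts that open user-supplied documents.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Children Office starts in normal use (print helper, Office's own processes);
# anything else under an Office parent is reported.
EXPECTED_CHILDREN = {"splwow64.exe", "winword.exe", "excel.exe", "powerpnt.exe",
                     "officeclicktorun.exe"}

# Script hosts and system binaries macros typically use to stage a download;
# a child in this set is reported at higher severity than an arbitrary binary.
HIGH_RISK_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                      "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
                      "msiexec.exe"}

OFFICE_DIR = r"C:\Program Files\Microsoft Office\root\Office16"

# Constructed Sysmon-style process-creation events (Event ID 1 fields).
SAMPLE_EVENTS = [
    {"UtcTime": "2021-01-21 10:01:58", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": OFFICE_DIR + r"\WINWORD.EXE",
     "CommandLine": r'"WINWORD.EXE" /n "C:\Users\u\Downloads\invoice.doc"'},
    {"UtcTime": "2021-01-21 10:02:03", "ParentImage": OFFICE_DIR + r"\WINWORD.EXE",
     "Image": r"C:\Windows\splwow64.exe", "CommandLine": "splwow64.exe 12288"},
    {"UtcTime": "2021-01-21 10:02:09", "ParentImage": OFFICE_DIR + r"\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -w hidden -enc <base64 omitted>"},
    {"UtcTime": "2021-01-21 10:02:31", "ParentImage": OFFICE_DIR + r"\WINWORD.EXE",
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\u\AppData\Local\Temp\x.dll,Control_RunDLL"},
    {"UtcTime": "2021-01-21 10:02:45", "ParentImage": OFFICE_DIR + r"\EXCEL.EXE",
     "Image": r"C:\Users\u\AppData\Local\Temp\update.exe", "CommandLine": "update.exe"},
]


def basename(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def evaluate(event):
    """Return None for an expected child, else (severity, description)."""
    parent = basename(event["ParentImage"])
    child = basename(event["Image"])
    if parent not in OFFICE_PARENTS or child in EXPECTED_CHILDREN:
        return None
    severity = "high" if child in HIGH_RISK_CHILDREN else "medium"
    return severity, f"{parent} spawned {child}: {event['CommandLine']}"


def scan(events):
    """Return (UtcTime, severity, description) for each suspicious event."""
    findings = []
    for event in events:
        verdict = evaluate(event)
        if verdict:
            findings.append((event["UtcTime"], verdict[0], verdict[1]))
    return findings


def scan_sample():
    """Run the detection over the constructed events."""
    return scan(SAMPLE_EVENTS)


if __name__ == "__main__":
    for when, severity, description in scan_sample():
        print(f"{when} [{severity}] {description}")
```

The allowlist is a starting point, not a finished rule: estates with Office add-ins or document-management integrations will have legitimate children to add, and the rule should be tuned on a week of real events before it pages anyone. It also does not distinguish the two causes the signature description names (an exploit versus a macro); both produce the same parent/child pair, so the follow-up is the same: pull the document, check for VBA, and look at what the child did next.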