General
Target: Details-2199-0018595796.doc
Size: 162KB
Sample: 210122-tl7x87bjvj
MD5: 818b1ab912b03f7224b2be26ec05ac64
SHA1: bfe77955067bed43c5c95996aba948d3ed0d7703
SHA256: caede708b38ca301f7c2d14f3dec3ccf02e0312f4f8a2b21b26d7bf6ea714206
SHA512: 84478c4a233508a6bb37a7fedefcb90ee6176c41988d226fd76c0ff995659c46be33fdbed383fa6bba00c1585e28e681362ce82dfb08da8cf787fe6db19399b8
Behavioral task: behavioral1
Sample: Details-2199-0018595796.doc
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Details-2199-0018595796.doc
Resource: win10v20201028
Malware Config: Extracted
Targets
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.